cisco 3825 router pppoe server does not support rate limit from radius

mujibrahman · ‎02-10-2019

pppoe client (MikroTik)----> cisco switch---->cisco router ----> MikroTik ----->Radius server

Authentication for pppoe client works properly but data rate limitation from radius server does not effect the pppoe client they use unlimited B/W.

This the router configuration:

BH_Base2_Router#sh run
Building configuration...

Current configuration : 9681 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname BH_Base2_Router
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$fukd$0ShmSgoUivf3wwjwVJrJB/
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication ppp default group radius
aaa authorization network default group radius
aaa accounting delay-start
aaa accounting network default start-stop group radius
!
aaa nas port extended
aaa server radius dynamic-author
client 192.168.255.2 server-key 7 1446405858517C
server-key 7 025756085F5359
port 3799
auth-type any
ignore session-key
!
aaa session-id common
!
!
dot11 syslog
ip cef
!
!
!
!
!
multilink bundle-name authenticated
!
voice-card 0
no dspfarm
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
username north password 7 080F435C1D11544541
!
!
archive
log config
hidekeys
!
!
!
policy-map PPP
class class-default
police rate 50000000
!
!
!
!
bba-group pppoe POINT-TO-POINT
virtual-template 1
sessions per-mac limit 1
!
!
interface Loopback0
ip address 100.100.100.5 255.255.255.255
!
interface GigabitEthernet0/0
no ip address
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/0.1
encapsulation dot1Q 100
ip address 10.9.0.2 255.255.255.252
ip ospf priority 254
!
interface GigabitEthernet0/0.2
description Barchi
encapsulation dot1Q 5
ip address 10.5.0.1 255.255.255.248
ip ospf priority 254
ip ospf mtu-ignore
!
interface GigabitEthernet0/0.3
description Shahr-e-now
encapsulation dot1Q 4
ip address 10.4.0.1 255.255.255.248
ip ospf priority 254
!
interface GigabitEthernet0/0.4
description Zaman-Khan
encapsulation dot1Q 3
ip address 10.6.0.1 255.255.255.248
ip ospf priority 254
!
interface GigabitEthernet0/0.5
description BH_SW_Management_ip
encapsulation dot1Q 2
ip address 10.2.0.9 255.255.255.252
!
interface GigabitEthernet0/0.10
description POINT-1
encapsulation dot1Q 10
ip address 10.2.1.1 255.255.255.252
pppoe enable group POINT-TO-POINT
!
interface GigabitEthernet0/0.11
description POINT-2
encapsulation dot1Q 11
ip address 10.2.2.1 255.255.255.252
pppoe enable group POINT-TO-POINT
!
interface GigabitEthernet0/0.12
description POINT-3
encapsulation dot1Q 12
ip address 10.2.3.1 255.255.255.252
pppoe enable group POINT-TO-POINT
!
interface GigabitEthernet0/0.13
description POINT-4
encapsulation dot1Q 13
ip address 10.2.4.1 255.255.255.252
pppoe enable group POINT-TO-POINT
!
interface GigabitEthernet0/0.14
description POINT-5
encapsulation dot1Q 14
ip address 10.2.5.1 255.255.255.252
pppoe enable group POINT-TO-POINT
!
interface GigabitEthernet0/0.15
description POINT-6
encapsulation dot1Q 15
ip address 10.2.6.1 255.255.255.252
pppoe enable group POINT-TO-POINT
!
interface GigabitEthernet0/0.16
description POINT-7
encapsulation dot1Q 16
ip address 10.2.7.1 255.255.255.252
pppoe enable group POINT-TO-POINT
!
interface GigabitEthernet0/0.17
description POINT-8
encapsulation dot1Q 17
ip address 10.2.8.1 255.255.255.252
pppoe enable group POINT-TO-POINT
!
interface GigabitEthernet0/0.18
description POINT-9
encapsulation dot1Q 18
ip address 10.2.9.1 255.255.255.252
pppoe enable group POINT-TO-POINT
!
interface GigabitEthernet0/0.19
description POINT-10
encapsulation dot1Q 19
ip address 10.2.10.1 255.255.255.252
pppoe enable group POINT-TO-POINT
!
interface GigabitEthernet0/0.20
description POINT-11
encapsulation dot1Q 20
ip address 10.2.11.1 255.255.255.252
pppoe enable group POINT-TO-POINT
!
interface GigabitEthernet0/0.21
description POINT-12
encapsulation dot1Q 21
ip address 10.2.12.1 255.255.255.252
pppoe enable group POINT-TO-POINT
!
interface GigabitEthernet0/0.22
description POINT-13
encapsulation dot1Q 22
ip address 10.2.13.1 255.255.255.252
pppoe enable group POINT-TO-POINT
!
interface GigabitEthernet0/0.23
description POINT-14
encapsulation dot1Q 23
ip address 10.2.14.1 255.255.255.252
pppoe enable group POINT-TO-POINT
!
interface GigabitEthernet0/0.24
description POINT-15
encapsulation dot1Q 24
ip address 10.2.15.1 255.255.255.252
pppoe enable group POINT-TO-POINT
!
interface GigabitEthernet0/0.25
description POINT-16
encapsulation dot1Q 25
ip address 10.2.16.1 255.255.255.252
pppoe enable group POINT-TO-POINT
!
interface GigabitEthernet0/0.26
description POINT-17
encapsulation dot1Q 26
pppoe enable group POINT-TO-POINT
!
interface GigabitEthernet0/0.27
description POINT-18
encapsulation dot1Q 27
pppoe enable group POINT-TO-POINT
!
interface GigabitEthernet0/1
description To-Main_Office
ip address 10.2.0.4 255.255.255.248
duplex auto
speed auto
media-type rj45
service-policy input PPP
service-policy output PPP
!
interface Virtual-Template1
mtu 1492
ip unnumbered Loopback0
no peer default ip address
ppp authentication pap chap
!
router ospf 1
router-id 10.255.255.20
log-adjacency-changes
redistribute connected subnets
redistribute static subnets
network 10.2.0.0 0.0.0.7 area 0
network 10.4.0.0 0.0.0.7 area 0
network 10.5.0.0 0.0.0.7 area 0
network 10.6.0.0 0.0.0.7 area 0
network 10.9.0.0 0.0.0.3 area 0
!
ip forward-protocol nd
!
!
ip http server
no ip http secure-server
!
snmp-server community public RO
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps vrrp
snmp-server enable traps ds1
snmp-server enable traps tty
snmp-server enable traps eigrp
snmp-server enable traps xgcp
snmp-server enable traps flash insertion removal
snmp-server enable traps ds3
snmp-server enable traps envmon
snmp-server enable traps icsudsu
snmp-server enable traps isdn call-information
snmp-server enable traps isdn layer2
snmp-server enable traps isdn chan-not-avail
snmp-server enable traps isdn ietf
snmp-server enable traps ds0-busyout
snmp-server enable traps ds1-loopback
snmp-server enable traps ethernet cfm cc mep-up mep-down cross-connect loop config
snmp-server enable traps ethernet cfm crosscheck mep-missing mep-unknown service-up
snmp-server enable traps disassociate
snmp-server enable traps deauthenticate
snmp-server enable traps authenticate-fail
snmp-server enable traps dot11-qos
snmp-server enable traps switch-over
snmp-server enable traps rogue-ap
snmp-server enable traps wlan-wep
snmp-server enable traps aaa_server
snmp-server enable traps atm subif
snmp-server enable traps bgp
snmp-server enable traps bstun
snmp-server enable traps bulkstat collection transfer
snmp-server enable traps memory bufferpeak
snmp-server enable traps cnpd
snmp-server enable traps config-copy
snmp-server enable traps config
snmp-server enable traps dial
snmp-server enable traps dlsw
snmp-server enable traps dsp card-status
snmp-server enable traps dsp oper-state
snmp-server enable traps entity
snmp-server enable traps fru-ctrl
snmp-server enable traps resource-policy
snmp-server enable traps event-manager
snmp-server enable traps frame-relay multilink bundle-mismatch
snmp-server enable traps frame-relay
snmp-server enable traps frame-relay subif
snmp-server enable traps hsrp
snmp-server enable traps ipmobile
snmp-server enable traps ipmulticast
snmp-server enable traps mpls ldp
snmp-server enable traps mpls traffic-eng
snmp-server enable traps mpls vpn
snmp-server enable traps msdp
snmp-server enable traps mvpn
snmp-server enable traps ospf state-change
snmp-server enable traps ospf errors
snmp-server enable traps ospf retransmit
snmp-server enable traps ospf lsa
snmp-server enable traps ospf cisco-specific state-change nssa-trans-change
snmp-server enable traps ospf cisco-specific state-change shamlink interface-old
snmp-server enable traps ospf cisco-specific state-change shamlink neighbor
snmp-server enable traps ospf cisco-specific errors
snmp-server enable traps ospf cisco-specific retransmit
snmp-server enable traps ospf cisco-specific lsa
snmp-server enable traps pim neighbor-change rp-mapping-change invalid-pim-message
snmp-server enable traps pppoe
snmp-server enable traps cpu threshold
snmp-server enable traps rsvp
snmp-server enable traps ipsla
snmp-server enable traps stun
snmp-server enable traps syslog
snmp-server enable traps l2tun session
snmp-server enable traps l2tun pseudowire status
snmp-server enable traps vsimaster
snmp-server enable traps vtp
snmp-server enable traps pw vc
snmp-server enable traps director server-up server-down
snmp-server enable traps firewall serverstatus
snmp-server enable traps isakmp policy add
snmp-server enable traps isakmp policy delete
snmp-server enable traps isakmp tunnel start
snmp-server enable traps isakmp tunnel stop
snmp-server enable traps ipsec cryptomap add
snmp-server enable traps ipsec cryptomap delete
snmp-server enable traps ipsec cryptomap attach
snmp-server enable traps ipsec cryptomap detach
snmp-server enable traps ipsec tunnel start
snmp-server enable traps ipsec tunnel stop
snmp-server enable traps ipsec too-many-sas
snmp-server enable traps rf
snmp-server enable traps ccme
snmp-server enable traps srst
snmp-server enable traps voice
snmp-server enable traps dnis
!
!
!
!
!
no radius-server attribute 77 include-in-acct-req
no radius-server attribute 77 include-in-access-req
radius-server attribute 6 on-for-login-auth
radius-server attribute nas-port format d
radius-server configure-nas
radius-server host 192.168.255.2 auth-port 1812 acct-port 1813
radius-server host 192.168.255.2 auth-port 1645 acct-port 1646 non-standard
radius-server key 7 11584B5643475D
radius-server vsa send cisco-nas-port
radius-server vsa send accounting
radius-server vsa send authentication
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 5 15
!
scheduler allocate 20000 1000
!
end