12-01-2007 03:05 AM - edited 03-10-2019 03:32 PM
Hi, all.
Im sorry my bad english (
I have - 7206VXR , NPE-G2 , c7200p-a3jk91s-mz.122-31.SB9.bin
Config -
SERVICE_403_L4R_TC Password = "cisco",
cisco-avpair = "ip:traffic-class=in access-group name ACL_IN_L4R",
cisco-avpair = "ip:l4redirect=redirect list 197 to group PORTAL",
cisco-avpair = "ip:traffic-class=out access-group name ACL_OUT_L4R",
cisco-avpair = "ip:traffic-class=out default drop",
cisco-avpair = "ip:traffic-class=in default drop",
SERVICE_401_INTERNET Password = "cisco",
User-Name = "0/0/1/100.4000",
cisco-avpair = "subscriber:accounting-list=BH_ACCNT_LIST",
cisco-avpair = "ip:traffic-class=in access-group name ACL_IN_INT priority 30",
cisco-avpair = "ip:traffic-class=out access-group name ACL_OUT_INT priority 30",
cisco-avpair = "ip:traffic-class=out default drop",
Service-Info = "QD;1024000;1024000",
Service-Info = "QU:512000;512000",
Service-Info = "ISERVICE_401_INTERNET",
cisco-avpair = "prepaid-config=default",
Extended IP access list 197
10 deny tcp any host 172.16.5.57 eq www
20 permit tcp any any eq www (6 matches)
30 permit tcp any any eq 8080
40 permit tcp any any eq 8002
50 deny udp any any eq domain (127 matches)
70 permit ip any any
Extended IP access list ACL_IN_INT
10 deny ip 10.0.0.0 0.255.255.255 any
20 deny ip 192.168.0.0 0.0.255.255 any
30 permit ip any any (1676 matches)
Extended IP access list ACL_IN_L4R
10 deny ip any host 172.16.5.57 (1 match)
20 permit tcp any any eq www (25 matches)
30 permit udp any any eq domain (116 matches)
40 permit tcp any host 81.222.82.102
50 deny ip any any (108 matches)
Extended IP access list ACL_OUT_INT
10 deny ip 10.0.0.0 0.255.255.255 any
20 deny ip 192.168.0.0 0.0.255.255 any (27 matches)
30 permit tcp any 172.16.0.0 0.0.255.255 (4252 matches)
40 permit udp any 172.16.0.0 0.0.255.255 (557 matches)
50 permit ip any any (26 matches)
Extended IP access list ACL_OUT_L4R
10 permit tcp any any eq www
20 deny ip 182.168.0.0 0.0.255.255 any
30 deny ip any 192.168.0.0 0.0.255.255
40 permit ip host 172.16.5.57 any (18 matches)
50 permit udp host 81.222.xx.2 eq domain 172.16.1.0 0.0.0.255 (57 matches)
60 permit tcp host 81.222.xx.102 172.16.1.0 0.0.0.255
70 deny ip any any (64 matches)
sh sss session detailed | i ACL
ACL Name: ACL_IN_INT, Packets = 100, Bytes = 11633
ACL Name: GAM_ACL_IN, Packets = 0, Bytes = 0
ACL Name: ACL_IN_L4R, Packets = 11, Bytes = 870
ACL Name: ACL_OUT_INT, Packets = 64, Bytes = 8160
ACL Name: GAM_ACL_OUT, Packets = 0, Bytes = 0
ACL Name: ACL_OUT_L4R, Packets = 3, Bytes = 399
Uniq ID Interface State Service Identifier Up-time
48 Traffic-Cl unauthen Ltm Internal 00:01:01
34 IP authen Local Term 0/0/1/100.4000 00:37:45
36 Traffic-Cl unauthen Ltm Internal 00:37:45
35 Traffic-Cl unauthen Ltm Internal 0/0/1/100.4000 00:37:45
Trouble -
when quota is depleted active service - SERVICE_403_L4R_TC and all trafic in service - SERVICE_401_INTERNET drop, but layer4redirect dont work , but -
Router#sh redirect translations
Destination IP/port Server IP/port Prot In Flags Out Flags Timestamp
81.2xx.xx.4 80 172.16.5.57 8001 TCP Nov 30 2007 11:00:13
If in ACL - ACL_IN_INT make no 30 permit ip any any , all work , but not information accounting for inbound direction in Acc-Request.
06-13-2008 01:04 AM
Hi,
In order to redirect , when quota gets depleted, you must apply redirect, on event of quota depleted.
ex: policy service on event quota depleted/exhaust,
apply service name (L4_Redirect to recharge page).
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide