Cisco Community
English
Register
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
677
Views
0
Helpful
0
Replies
Highlighted
pcrasotin
Beginner
Beginner
‎05-05-2008 02:33 AM
‎05-05-2008 02:33 AM

Default traffic action on ISG

Hello -

My goal is to account and to police traffice from internet only not from our LAN.

Unmatched traffic should be passed.

How can I do this?

Is it possble to change 'Default traffic is dropped' to 'Default traffic is passed'?

Here is my test session

BRAS0#sh subscriber session username testvm@H det

Unique Session ID: 1070

Identifier: testvm@H

...skipped...

Policy information:

Context 50CC99F0: Handle 66000186

AAA_id 0000D1EE: Flow_handle 0

Authentication status: authen

Downloaded User profile, excluding services:

addr x.x.x.1

service-type 2 [Framed]

ssg-account-info "Avl-test"

idletime 300 (0x12C)

Framed-Protocol 1 [PPP]

Downloaded User profile, including services:

addr 213.150.74.1

service-type 2 [Framed]

ssg-account-info "Avl-test"

idletime 300 (0x12C)

Framed-Protocol 1 [PPP]

ssg-service-info "R0.0.0.0;0.0.0.0"

inacl "ClientIn"

outacl "ClientOut"

traffic-class "in access-group name NotLANIn"

traffic-class "out access-group name NotLANOut"

ssg-service-info "QD;512000;96000;192000;U;512000;96000;192000"

Config history for session (recent to oldest):

Access-type: Web-service-logon Client: SM

Policy event: Notification Event (Service)

Profile name: wifi-vl-test, 4 references

ssg-service-info "R0.0.0.0;0.0.0.0"

inacl "ClientIn"

outacl "ClientOut"

traffic-class "in access-group name NotLANIn"

traffic-class "out access-group name NotLANOut"

ssg-service-info "QD;512000;96000;192000;U;512000;96000;192000"

service-type 5 [Outbound]

Access-type: Max Client: SM

Policy event: Process Config Connecting (Unapplied) (Service)

Profile name: BLOCK_ANY, 413 references

password <hidden>

traffic-class "input default drop"

traffic-class "output default drop"

Access-type: PPP Client: SM

Policy event: Process Config Connecting

Profile name: apply-config-only, 2 references

addr x.x.x.1

service-type 2 [Framed]

ssg-account-info "Avl-test"

idletime 300 (0x12C)

Framed-Protocol 1 [PPP]

Access-type: VPDN Client: SM

Policy event: Service Selection Request (Service)

Profile name: BLOCK_ANY, 413 references

password <hidden>

traffic-class "input default drop"

traffic-class "output default drop"

Active services associated with session:

name "vl-test"

Rules, actions and conditions executed:

subscriber rule-map PPP_RULE

condition always event session-start

1 service-policy type service name BLOCK_ANY

subscriber rule-map PPP_RULE

condition always event service-start

1 service-policy type service unapply name BLOCK_ANY

2 service-policy type service identifier service-name

Session inbound features:

Traffic classes:

Traffic class session ID: 1123

ACL Name: NotLANIn, Packets = 1952, Bytes = 1458799

Default traffic is dropped <--- !!!!

Unmatched Packets (dropped) = 3, Re-classified packets (redirected) = 0

Session outbound features:

Feature: PPP Idle Timeout

Timeout value is 300

Idle time is 00:00:00

Traffic classes:

Traffic class session ID: 1123

ACL Name: NotLANOut, Packets = 1129, Bytes = 131659

Default traffic is dropped <--- !!!!

Unmatched Packets (dropped) = 0, Re-classified packets (redirected) = 0

Thanks in advance.

Labels:
0 Helpful
Reply
0 REPLIES 0
Latest Contents
Community Live Event- ISR1100X-4G and ISR1100X-6G Platform O...
Created by Cisco Moderador on 03-02-2021 05:23 AM
1
0
1
0
Community Live- ISR1100X-4G and ISR1100X-6G Platform Overview and Architecture (Live event -  Tuesday, 23 March, 2021 at 10:00 am Pacific/ 1:00 pm Eastern / 7:00 pm Paris)- This event will have place on Tuesday 23rd, March 2021 at 10:00 hrs PDT&... view more
Cisco Secure Network Access Bridges the Gap
Created by Kelli Glass on 02-26-2021 04:19 PM
0
0
0
0
Cisco Secure Network Access is helping IT to bridge the gap between what is essential to the business and what the network delivers and to build the next-generation campus network for an unplugged and uninterrupted experience. Learn more about how these w... view more
Community Live Video - New Additions to the Catalyst 8000 Fa...
Created by Cisco Moderador on 02-24-2021 08:49 AM
0
0
0
0
(view in My Videos) Community Live- New Additions to the Catalyst 8000 Family (Live event -  Tuesday, 23 February, 2021 at 10:00 am Pacific/ 1:00 pm Eastern / 7:00 pm Paris)- This event had place on Tuesday 23rd, February 2021 at 10:00 hrs PDT... view more
New Additions to the Catalyst 8000 Family- FAQ
Created by Cisco Moderador on 02-24-2021 07:23 AM
0
0
0
0
Community Live-ISR1100X-4G and ISR1100X-6G Platform Overview and Architecture This event had place on Tuesday 23rd, February 2021 at 10hrs PDT  Introduction Designed for an intent-based network, the Cisco Catalyst 8000 Edge Platforms family offers ... view more
New Additions to the Catalyst 8000 Family- AMA Event
Created by Cisco Moderador on 02-22-2021 05:26 AM
0
0
0
0
To participate in this event, please use the  button to ask your questions New Additions to the Catalyst 8000 Family This forum is a chance to clarify all your questions related to the Catalyst 8k Family! Designed for an intent-based network, the Ci... view more
Content for Community-Ad