cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3127
Views
0
Helpful
1
Replies

ASR1001-X PPPoE + AAA + Freeradius

cpulgarin
Level 1
Level 1

Hi, I have a problem with my configuration when radius server send attributes of policy and ip address pool doesn't work, the session is established but not apply the policy-map

 

 

aaa new-model
!
!
aaa group server radius AAA
server-private x.x.x.x auth-port 1812 acct-port 1813 key ASR1000
!
aaa authentication login default local
aaa authentication login PPPoE_LIST group AAA
aaa authentication ppp default group AAA
aaa authentication ppp PPPoE_LIST group AAA
aaa authorization network PPPoE_LIST if-authenticated
aaa authorization configuration PPPoE_LIST group radius
aaa accounting send stop-record authentication failure
aaa accounting delay-start
aaa accounting session-duration ntp-adjusted
aaa accounting nested
aaa accounting update periodic 1
aaa accounting exec default
action-type start-stop
group radius
!
aaa accounting network default start-stop group radius
aaa accounting system default start-stop group radius

 

aaa session-id common
aaa policy interface-config allow-subinterface

 

virtual-profile if-needed
virtual-profile virtual-template 1

 

multilink virtual-template 1
multilink bundle-name authenticated
vpdn enable
!
!
no virtual-template snmp

 

policy-map 1024
class class-default
police cir 1024000
conform-action transmit
exceed-action drop

 

bba-group pppoe global
virtual-template 1
vendor-tag circuit-id service
sessions max limit 2000
sessions per-mac limit 2
sessions auto cleanup

 

interface Virtual-Template1
bandwidth 8000
ip unnumbered GigabitEthernet0/0/1
no logging event link-status
peer default ip address pool PPPoE
keepalive 60
ppp mtu adaptive
ppp authentication chap PPPoE_LIST
ppp ipcp address required
ppp ipcp address unique

 

ip local pool PPPoE 19x.1x.9x.2 19x.1x.9x.254

ip radius source-interface GigabitEthernet0/0/1

 

radius-server attribute 44 extend-with-addr
radius-server attribute 6 on-for-login-auth
radius-server attribute 8 include-in-access-req
radius-server attribute 32 include-in-access-req
radius-server attribute 55 include-in-acct-req
radius-server attribute 61 extended
radius-server attribute 4 10.100.0.6
radius-server attribute 31 mac format ietf
radius-server attribute 31 send nas-port-detail mac-only

 

radius server ERT
address ipv4 x.x.x.x auth-port 1812 acct-port 1813
timeout 1000
retransmit 6
key ASR1000
!
!
control-plane
!
call admission new-model
call admission limit 1000
call admission cpu-limit 80
call admission pppoe 10 1

 

Freeradius

 

"13936","asr","Service-Type","=","Framed"
"13937","asr","Framed-Protocol","=","PPP"
"13939","asr","Cisco-Avpair","+=","lcp:interface-config=allow-subinterface=yes"
"13944","asr","Cisco-Avpair","+=","ip:addr-pool=CORTE"
"13945","asr","Cisco-Avpair","+=","ip:sub-policy-Out=1024"
"13946","asr","Cisco-Policy-Down","+=","1024"
"13947","asr","Cisco-Avpair","+=","lcp:interface-config#1=rate-limit output 1024000 32000 conform-action transmit exceed-action drop"

1 Reply 1

mammali
Level 1
Level 1

XE doesn't support rate-limit, use policy-map instead 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: