03-02-2018 09:57 AM - edited 03-01-2019 03:10 PM
Hi, I have a problem with my configuration when radius server send attributes of policy and ip address pool doesn't work, the session is established but not apply the policy-map
aaa new-model
!
!
aaa group server radius AAA
server-private x.x.x.x auth-port 1812 acct-port 1813 key ASR1000
!
aaa authentication login default local
aaa authentication login PPPoE_LIST group AAA
aaa authentication ppp default group AAA
aaa authentication ppp PPPoE_LIST group AAA
aaa authorization network PPPoE_LIST if-authenticated
aaa authorization configuration PPPoE_LIST group radius
aaa accounting send stop-record authentication failure
aaa accounting delay-start
aaa accounting session-duration ntp-adjusted
aaa accounting nested
aaa accounting update periodic 1
aaa accounting exec default
action-type start-stop
group radius
!
aaa accounting network default start-stop group radius
aaa accounting system default start-stop group radius
aaa session-id common
aaa policy interface-config allow-subinterface
virtual-profile if-needed
virtual-profile virtual-template 1
multilink virtual-template 1
multilink bundle-name authenticated
vpdn enable
!
!
no virtual-template snmp
policy-map 1024
class class-default
police cir 1024000
conform-action transmit
exceed-action drop
bba-group pppoe global
virtual-template 1
vendor-tag circuit-id service
sessions max limit 2000
sessions per-mac limit 2
sessions auto cleanup
interface Virtual-Template1
bandwidth 8000
ip unnumbered GigabitEthernet0/0/1
no logging event link-status
peer default ip address pool PPPoE
keepalive 60
ppp mtu adaptive
ppp authentication chap PPPoE_LIST
ppp ipcp address required
ppp ipcp address unique
ip local pool PPPoE 19x.1x.9x.2 19x.1x.9x.254
ip radius source-interface GigabitEthernet0/0/1
radius-server attribute 44 extend-with-addr
radius-server attribute 6 on-for-login-auth
radius-server attribute 8 include-in-access-req
radius-server attribute 32 include-in-access-req
radius-server attribute 55 include-in-acct-req
radius-server attribute 61 extended
radius-server attribute 4 10.100.0.6
radius-server attribute 31 mac format ietf
radius-server attribute 31 send nas-port-detail mac-only
radius server ERT
address ipv4 x.x.x.x auth-port 1812 acct-port 1813
timeout 1000
retransmit 6
key ASR1000
!
!
control-plane
!
call admission new-model
call admission limit 1000
call admission cpu-limit 80
call admission pppoe 10 1
Freeradius
"13936","asr","Service-Type","=","Framed"
"13937","asr","Framed-Protocol","=","PPP"
"13939","asr","Cisco-Avpair","+=","lcp:interface-config=allow-subinterface=yes"
"13944","asr","Cisco-Avpair","+=","ip:addr-pool=CORTE"
"13945","asr","Cisco-Avpair","+=","ip:sub-policy-Out=1024"
"13946","asr","Cisco-Policy-Down","+=","1024"
"13947","asr","Cisco-Avpair","+=","lcp:interface-config#1=rate-limit output 1024000 32000 conform-action transmit exceed-action drop"
02-04-2020 03:43 AM
XE doesn't support rate-limit, use policy-map instead
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide