Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
749
Views
0
Helpful
0
Replies

ASR1001-X PPPoE AAA not apply Policy-Map

cpulgarin
Level 1
Level 1

‎03-02-2018 09:33 AM - edited ‎03-01-2019 03:10 PM

Hi, I have a problem with my configuration when radius server send attributes of policy and ip address pool doesn't work, the session is established but not apply the policy-map.

 

Thanks

 

asr1001x-universal.03.16.02.S.155-3.S2-ext.SPA

 

 

aaa group server radius AAA
server-private x.x.x.x auth-port 1812 acct-port 1813 key radiuspassw
!
aaa authentication login default local
aaa authentication login PPPoE_LIST group AAA
aaa authentication ppp default group AAA
aaa authentication ppp PPPoE_LIST group AAA
aaa authorization network PPPoE_LIST if-authenticated
aaa authorization configuration PPPoE_LIST group radius
aaa accounting send stop-record authentication failure
aaa accounting delay-start
aaa accounting session-duration ntp-adjusted
aaa accounting nested
aaa accounting update periodic 1
aaa accounting exec default
action-type start-stop
group radius
!
aaa accounting network default start-stop group radius
aaa accounting system default start-stop group radius

 

policy-map 1024
class class-default
police cir 1024000
conform-action transmit
exceed-action drop

 

aaa session-id common
aaa policy interface-config allow-subinterface

virtual-profile if-needed
virtual-profile virtual-template 1

 

 

 

bba-group pppoe global
virtual-template 1
vendor-tag circuit-id service
sessions max limit 2000
sessions per-mac limit 2
sessions auto cleanup

 

 

interface Virtual-Template1
bandwidth 8000
ip unnumbered GigabitEthernet0/0/1
no logging event link-status
peer default ip address pool PPPoE
keepalive 60
ppp mtu adaptive
ppp authentication chap PPPoE_LIST
ppp ipcp address required
ppp ipcp address unique

 

ip local pool PPPoE 19x.9x.9x.x 19x.9x.9x.x

ip local pool TEST 10.253.0.1 10.253.0.255

 

radius-server attribute 44 extend-with-addr
radius-server attribute 6 on-for-login-auth
radius-server attribute 8 include-in-access-req
radius-server attribute 32 include-in-access-req
radius-server attribute 55 include-in-acct-req
radius-server attribute 61 extended
radius-server attribute 4 10.100.0.6
radius-server attribute 31 mac format ietf
radius-server attribute 31 send nas-port-detail mac-only

 

radius server ERT
address ipv4 x.x.x.x auth-port 1812 acct-port 1813
timeout 1000
retransmit 6
key radiuspassw

 

call admission new-model
call admission limit 1000
call admission cpu-limit 80
call admission pppoe 10 1

 

 

FreeRadius profile

 

"13936","asr","Service-Type","=","Framed"
"13937","asr","Framed-Protocol","=","PPP"
"13939","asr","Cisco-Avpair","+=","lcp:interface-config=allow-subinterface=yes"
"13945","asr","Cisco-Avpair","+=","ip:sub-policy-Out=1024"
"13946","asr","Cisco-Policy-Down","+=","1024"
"13947","asr","Cisco-Avpair","+=","lcp:interface-config#1=rate-limit output 1024000 32000 conform-action transmit exceed-action drop"

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents