Showing results for 
Search instead for 
Did you mean: 

ASR1001-X PPPoE AAA not apply Policy-Map


Hi, I have a problem with my configuration when radius server send attributes of policy and ip address pool doesn't work, the session is established but not apply the policy-map.







aaa group server radius AAA
server-private x.x.x.x auth-port 1812 acct-port 1813 key radiuspassw
aaa authentication login default local
aaa authentication login PPPoE_LIST group AAA
aaa authentication ppp default group AAA
aaa authentication ppp PPPoE_LIST group AAA
aaa authorization network PPPoE_LIST if-authenticated
aaa authorization configuration PPPoE_LIST group radius
aaa accounting send stop-record authentication failure
aaa accounting delay-start
aaa accounting session-duration ntp-adjusted
aaa accounting nested
aaa accounting update periodic 1
aaa accounting exec default
action-type start-stop
group radius
aaa accounting network default start-stop group radius
aaa accounting system default start-stop group radius


policy-map 1024
class class-default
police cir 1024000
conform-action transmit
exceed-action drop


aaa session-id common
aaa policy interface-config allow-subinterface

virtual-profile if-needed
virtual-profile virtual-template 1




bba-group pppoe global
virtual-template 1
vendor-tag circuit-id service
sessions max limit 2000
sessions per-mac limit 2
sessions auto cleanup



interface Virtual-Template1
bandwidth 8000
ip unnumbered GigabitEthernet0/0/1
no logging event link-status
peer default ip address pool PPPoE
keepalive 60
ppp mtu adaptive
ppp authentication chap PPPoE_LIST
ppp ipcp address required
ppp ipcp address unique


ip local pool PPPoE 19x.9x.9x.x 19x.9x.9x.x

ip local pool TEST


radius-server attribute 44 extend-with-addr
radius-server attribute 6 on-for-login-auth
radius-server attribute 8 include-in-access-req
radius-server attribute 32 include-in-access-req
radius-server attribute 55 include-in-acct-req
radius-server attribute 61 extended
radius-server attribute 4
radius-server attribute 31 mac format ietf
radius-server attribute 31 send nas-port-detail mac-only


radius server ERT
address ipv4 x.x.x.x auth-port 1812 acct-port 1813
timeout 1000
retransmit 6
key radiuspassw


call admission new-model
call admission limit 1000
call admission cpu-limit 80
call admission pppoe 10 1



FreeRadius profile


"13947","asr","Cisco-Avpair","+=","lcp:interface-config#1=rate-limit output 1024000 32000 conform-action transmit exceed-action drop"

0 Replies 0
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: