10-30-2014 11:30 PM - edited 03-01-2019 02:49 PM
Hi guys, I got this simple topology on IOS 15.2 for 7200 routers:
And I have configured PPPoE on these devices. Here are my configs:
ISG:
aaa new-model
aaa authentication ppp PPPoE_AUTHE local
!
username 2221111 password 0 123
username 2221122 password 0 123
!
ip local pool PPPoE_POOL 20.1.1.1 20.1.255.255
!
interface Virtual-Template1
ip address 20.1.1.1 255.255.255.0
peer default ip address pool PPPoE_POOL
ppp authentication chap PPPoE_AUTHE
!
bba-group pppoe PPPoE_GROUP
virtual-template 1
!
interface FastEthernet0/0
no ip address
pppoe enable group PPPoE_GROUP
!
!
interface Dialer1
ip address negotiated
encapsulation ppp
dialer pool 1
ppp chap hostname 2221111
ppp chap password 0 123
!
interface FastEthernet0/0
no ip address
pppoe enable
pppoe-client dial-pool-number 1
!
ISG#show pppoe session
2 sessions in LOCALLY_TERMINATED (PTA) State
2 sessions total
Uniq ID  PPPoE  RemMAC          Port   VT  VA     State
         SID    LocMAC                     VA-st  Type
369      369    ca00.2754.0008  Fa0/0  1   Vi1.1  PTA
                ca03.1014.0008             UP
370      370    ca01.2754.0008  Fa0/0  1   Vi1.2  PTA
                ca03.1014.0008             UP
10-31-2014 02:29 AM
Hi,
1- Authenticate customers via local database (local AAA)
For PPPoE sessions, this is done at PPP level on the VTemplate interface. You are already doing this using list PPPoE_AUTHE.
2- if customers got authenticated, I want R1 & R2 to be authorized (via local AAA) to access R4 with speed of 128Kbps and 256 Kbps respectively (QoS rate-limiting)
You can use a service with MQC on it. Check: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/isg/configuration/xe-3s/isg-xe-3s-book/isg-mqc-ip-sess.html
You can also apply the QoS policy using per-user QoS. Check: http://www.cisco.com/c/en/us/td/docs/ios/12_2sb/feature/guide/sbsbpssq.html#wp1050969
3- And for accounting (using local AAA), I want the credit for R1 & R2 get finished when their only sent traffic reached 10MB.
I'm afraid this is not possible. The only way to track quota consumption in ISG is using the pre-paid feature. This feature takes care of reporting the quota to an external server, and that server is responsible for providing further quota and maintaining the total quota information for the subscriber. ISG only reports the consumption (based on accounting packets) and takes actions based on the quota information provided by the server. It is not possible to use this feature without an external server. Check http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/isg/configuration/xe-3s/isg-xe-3s-book/isg-prepaid-bill.html
Regards
01-19-2015 11:14 AM
Hi,
Many thanks for your reply, and sorry for the delay.
Based on your answer and also some other research, for the last 3 months I have been working (programming) on that accounting system you said, and finally it turned out to be a full AAA server. Now I feel very comfortable with all its concepts and depending attributes and other stuff.
Today, after 3 months, I just came back to the same point :D
I built the AAA server, but I can't match it with ISG. I wrote the details in this link:
http://www.networking-forum.com/viewtopic.php?f=33&t=46957
Would you please take a look at it? Many thanks again.
02-10-2015 12:53 AM
Hi,
Sorry for the delay. I read your thread and it seems the issue is with the service authorization. You are expecting to see an authorization request sent from ISG to radius to download the service profile, but you don't see it. Correct?
If so, I would suggest adding a subscriber-service authorization statement to your AAA config. Something like:
aaa authorization subscriber-service default group radius
aaa authorization subscriber-service PPPoE_AUTHO group radius
This way, ISG should send authorization requests to radius to download the service profile.
Hope this helps.
Regards.
02-10-2015 01:02 AM
Hi,
Also, there seems to be a mismatch in your subscriber profile regarding the QoS policy. In the ISG you have defined:
policy-map P_IN_INTER_128K
policy-map P_OUT_INTER_128K
However, in the radius response you are sending VSA with:
Cisco-Policy-Up=IN_INTER_128K
Cisco-Policy-Down=OUT_INTER_128K
The names of the policies are not matching. This is why you see the log: "%SGPM-3-POLICY_RULE_SERVICE_CONFIG_ERROR: Service () is configured incorrectly, service_failed event will be thrown"
Regards
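A pre-flight check for the two points raised in the replies above (a missing subscriber-service method list, and RADIUS policy names that do not match the policy-maps defined on the ISG), as an added example that is not part of the thread or of Cisco's documentation. The config and reply text are constructed from the names quoted here, and the `Name=value` reply format is an assumption about how the AAA server lists its attributes.

```python
import re

# Constructed inputs reusing the names quoted in this thread (not a real capture).
ISG_CONFIG = """\
aaa new-model
aaa authentication ppp PPPoE_AUTHE local
policy-map P_IN_INTER_128K
policy-map P_OUT_INTER_128K
"""
RADIUS_REPLY = """\
Cisco-Policy-Up=IN_INTER_128K
Cisco-Policy-Down=OUT_INTER_128K
"""
POLICY_ATTRS = ("Cisco-Policy-Up", "Cisco-Policy-Down")


def defined_policy_maps(config):
    """Names declared by plain (QoS) 'policy-map <name>' lines."""
    return set(re.findall(r"^policy-map[ \t]+(\S+)[ \t]*$", config, re.M))


def referenced_policies(reply):
    """Map each policy attribute in the reply to the policy name it carries."""
    refs = {}
    for line in reply.splitlines():
        attr, sep, value = line.partition("=")
        if sep and attr.strip() in POLICY_ATTRS:
            refs[attr.strip()] = value.strip()
    return refs


def preflight(config, reply):
    """Return findings; an empty list means config and reply agree."""
    findings = []
    if not re.search(r"^aaa authorization subscriber-service\s", config, re.M):
        findings.append("no 'aaa authorization subscriber-service' method list")
    defined = defined_policy_maps(config)
    for attr, name in referenced_policies(reply).items():
        if name not in defined:
            near = sorted(d for d in defined if name in d)
            hint = f" (defined: {', '.join(near)})" if near else ""
            findings.append(f"{attr}={name} has no policy-map{hint}")
    return findings


if __name__ == "__main__":
    for finding in preflight(ISG_CONFIG, RADIUS_REPLY):
        print("FINDING:", finding)
```

Run against the exported running-config and the attribute list the AAA server returns for a test subscriber before bringing sessions up, so a name mismatch shows up here rather than as an SGPM service error on the router.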