cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
894
Views
0
Helpful
0
Replies
Utair Corporation
Participant

ISG policy with dead radius fallback

Hi.

I want to create such policy, that users, while in dead radius fallback mode are not getting interrupted, untill radius replied.

All examples i saw, set 1 minute timeout, set fallback service applied and after timer expires, they force to drop session and start over, it radius is not back on, users has no fallback service during radius timeout, which is unacceptable.

 

here is what i tried, but after radius comes back, users got aouthenticated but continue using Fallback50m service and completely ignoring radius supplied services.

 

any thoughts?

 

policy-map type control testing
 class type control CM_C_IPOE_REJECT_REAUTH event timed-policy-expiry
  1 service disconnect
 !
 class type control CM_C_IPOE_RTIMEOUT_REAUTH event timed-policy-expiry
  10 authorize aaa list IPOE password ciscoo identifier source-ip-address 
 !
 class type control always event session-start
  10 authorize aaa list IPOE password ciscoo identifier source-ip-address 
 !
 class type control always event access-reject
  20 set-timer IPOE_REJECT_REAUTH 1
  30 service-policy type service name Redirect100
  40 service-policy type service name Redirect110
  50 service-policy type service name Redirect400
  60 service-policy type service name Redirect410
  70 service-policy type service name Redirect500
  80 service-policy type service name Redirect510
 !
 class type control always event radius-timeout
  10 set-timer IPOE_RTIMEOUT_REAUTH 1
  20 service-policy type service name Failover50m
 !
 class type control always event account-logon
  10 service-policy type service unapply name Failover50m
  20 service-policy type service aaa list IPOE identifier authenticated-username
 !
 class type control always event account-logoff
  1 service disconnect
 !
0 REPLIES 0
Content for Community-Ad

This widget could not be displayed.