Good day.
Can't get the prepaid feature on ISG to work.
I've got virtual BRAS on a base of GNS3 emulating Cisco 7200:
R2#sh ver
Cisco IOS Software, 7200 Software (C7200-ADVIPSERVICESK9-M), Version 12.2(33)SRD3, RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Thu 10-Sep-09 08:51 by prod_rel_team
ROM: ROMMON Emulation Microcode
R2 uptime is 1 hour, 59 minutes
System returned to ROM by unknown reload cause - suspect boot_data[BOOT_COUNT] 0x0, BOOT_COUNT 0, BOOTDATA 19
System restarted at 23:42:03 MDT Mon Aug 1 2011
System image file is "tftp://255.255.255.255/unknown"
Cisco 7206VXR (NPE400) processor (revision A) with 245760K/16384K bytes of memory.
Processor board ID 4294967295
R7000 CPU at 150Mhz, Implementation 0x27, Rev 2.1, 256KB L2 Cache
6 slot VXR midplane, Version 2.1
Last reset from power-on
PCI bus mb0_mb1 (Slots 0, 1, 3 and 5) has a capacity of 600 bandwidth points.
Current configuration on bus mb0_mb1 has a total of 800 bandwidth points.
The set of PA-2FE, PA-POS-2OC3, and I/O-2FE qualify for "half
bandwidth points" consideration, when full bandwidth point counting
results in oversubscription, under the condition that only one of the
two ports is used. With this adjustment, current configuration on bus
mb0_mb1 has a total of 800 bandwidth points.
This configuration has oversubscripted the PCI bus and is not a
supported configuration.
PCI bus mb2 (Slots 2, 4, 6) has a capacity of 600 bandwidth points.
Current configuration on bus mb2 has a total of 400 bandwidth points
This configuration is within the PCI bus capacity and is supported.
Please refer to the following document "Cisco 7200 Series Port Adaptor
Hardware Configuration Guidelines" on Cisco.com <http://www.cisco.com>
for c7200 bandwidth points oversubscription and usage guidelines.
WARNING: PCI bus mb0_mb1 Exceeds 600 bandwidth points
1 Ethernet interface
3 Gigabit Ethernet interfaces
125K bytes of NVRAM.
65536K bytes of ATA PCMCIA card at slot 0 (Sector size 512 bytes).
8192K bytes of Flash internal SIMM (Sector size 256K).
Configuration register is 0x2102
prepaid-configuration doesn't "stick" to the service. Configuration follows:
Freeradius user and service config:
"000c.29fe.750d" Cleartext-Password := "ISG"
Cisco-Account-Info += "AInternet",
Cisco-Service-Info += "NInternet",
Internet Cleartext-Password := "cisco"
Cisco-Service-Info += "IInternet",
Cisco-Avpair += "traffic-class=input access-group 100",
Cisco-Avpair += "traffic-class=output access-group 100",
Cisco-Avpair += "prepaid-config=default",
Cisco-Service-Info += "QU;512000;16000;16000;D;512000;16000;16000"
Cisco relevant configuration:
interface:
interface GigabitEthernet0/0
ip address 192.168.254.254 255.255.255.0
ip nat inside
media-type gbic
speed 1000
duplex full
negotiation auto
no keepalive
no cdp enable
service-policy type control ISG
ip subscriber l2-connected
initiator dhcp
end
control policy-map:
R2#sh run | sec policy-map
policy-map type control ISG
class type control TIMER event timed-policy-expiry
1 service disconnect
!
class type control UNAUTH event session-restart
1 authorize aaa list ISG password ISG identifier mac-address
2 service-policy type service aaa list ISG name REDIRECT
3 set-timer TIMER 5
!
class type control always event quota-depleted
1 set-param drop-traffic FALSE
!
class type control always event credit-exhausted
1 service-policy type service aaa list ISG name REDIRECT
!
access-list 100:
R2#sh ip access-lists 100
Extended IP access list 100
10 permit ip any any (1326 matches)
radius-options:
radius-server attribute 44 include-in-access-req
radius-server attribute 55 include-in-acct-req
Session starts ok, but prepaid feature is not active:
R2#sh sss session detailed
Current Subscriber Information: Total sessions 1
--------------------------------------------------
Unique Session ID: 36
Identifier:
SIP subscriber access type(s): Traffic-Class
Current SIP options: None
Session Up-time: 00:00:10, Last Changed: 00:00:10
Policy information:
Context 663194BC: Handle 91000032
AAA_id 00000022: Flow_handle 1
Authentication status: unauthen
Downloaded User profile, including services:
ssg-service-info "IInternet"
traffic-class "input access-group 100"
traffic-class "output access-group 100"
ssg-service-info "QU;512000;16000;16000;D;512000;16000;16000"
Config history for session (recent to oldest):
Access-type: Web-service-logon Client: Service Command-Handler
Policy event: Service-Start (Service)
Profile name: Internet, 4 references
ssg-service-info "IInternet"
traffic-class "input access-group 100"
traffic-class "output access-group 100"
ssg-service-info "QU;512000;16000;16000;D;512000;16000;16000"
Prepaid context: default
threshold time 0 seconds
threshold volume 0 bytes
method-list author default
method-list accounting default
password cisco
Interim accounting disabled
State PROCESSING_FIRST_AUTHOR
Flow idle at last re-author ? NO
Total idle time 0 seconds
Are we accounting for time consumed ? YES
Acct start sent ? NO
Session inbound features:
Feature: Policing
Upstream Params:
Average rate = 512000, Normal burst = 16000, Excess burst = 16000
Config level = Service Profile
Session outbound features:
Feature: Policing
Dnstream Params:
Average rate = 512000, Normal burst = 16000, Excess burst = 16000
Config level = Service Profile
Configuration sources associated with this session:
Service: Internet, Active Time = 00:00:12
--------------------------------------------------
Unique Session ID: 35
Identifier: 000c.29fe.750d
SIP subscriber access type(s): IP
Current SIP options: Req Fwding/Req Fwded
Session Up-time: 00:00:12, Last Changed: 00:00:12
Policy information:
Context 6631965C: Handle 82000031
AAA_id 00000022: Flow_handle 0
Authentication status: authen
Downloaded User profile, excluding services:
ssg-account-info "AInternet"
ssg-service-info "NInternet"
clid-mac-addr 00 0C 29 FE 75 0D
addr 192.168.254.1
netmask 255.255.255.255
config-source-dpm True
vendor-class-id-tag "MSFT 5.0"
Downloaded User profile, including services:
ssg-account-info "AInternet"
ssg-service-info "NInternet"
ssg-service-info "IInternet"
traffic-class "input access-group 100"
traffic-class "output access-group 100"
ssg-service-info "QU;512000;16000;16000;D;512000;16000;16000"
clid-mac-addr 00 0C 29 FE 75 0D
addr 192.168.254.1
netmask 255.255.255.255
config-source-dpm True
vendor-class-id-tag "MSFT 5.0"
Config history for session (recent to oldest):
Access-type: IP Client: DHCP
Policy event: Session-Update
Profile name: apply-config-only, 2 references
clid-mac-addr 00 0C 29 FE 75 0D
addr 192.168.254.1
netmask 255.255.255.255
config-source-dpm True
vendor-class-id-tag "MSFT 5.0"
Access-type: Web-service-logon Client: SM
Policy event: Apply Config Success (Service)
Profile name: Internet, 4 references
ssg-service-info "IInternet"
traffic-class "input access-group 100"
traffic-class "output access-group 100"
ssg-service-info "QU;512000;16000;16000;D;512000;16000;16000"
Access-type: IP Client: SM
Policy event: Service Selection Request
Profile name: 000c.29fe.750d, 2 references
ssg-account-info "AInternet"
ssg-service-info "NInternet"
Active services associated with session:
name "Internet"
Rules, actions and conditions executed:
subscriber condition-map match-all UNAUTH
match identifier authen-status unauthenticated [TRUE]
subscriber rule-map ISG
condition UNAUTH event session-restart
1 authorize aaa list ISG identifier mac-address
Session inbound features:
Traffic classes:
Traffic class session ID: 36
ACL Name: 100, Packets = 8, Bytes = 432
Unmatched Packets = 0, Re-classified packets (redirected) = 0
Session outbound features:
Traffic classes:
Traffic class session ID: 36
ACL Name: 100, Packets = 8, Bytes = 486
Unmatched Packets = 0, Re-classified packets (redirected) = 0
Configuration sources associated with this session:
Service: Internet, Active Time = 00:00:13
AAA Service ID = 1627389967
Interface: GigabitEthernet0/0, Active Time = 00:00:14
Cisco authorizes the user, downloads service, but there's no quota request.
I can't figure out what am I missing in configuration?
