configure
!!! PPP subscriber context template. The file layout is the same as
!!! ipoe_ctx.cfg.tmplt, except for the parts marked with !!!!!
! Template values are written into CLI lines as-is. A value that contains a
! line break would add extra commands to the generated config, so presumably
! the caller validates every value before rendering - verify upstream.
!
! clear == '1' removes the whole context before it is recreated below, so
! everything configured under that context is dropped first.
@@@ if clear=='1'
no context {{ctx_name}}
@@@ endif
!
context {{ctx_name}}
!
no ip domain-lookup
nat fragments
!
! NAT translation records are exported in v9 format to the billing host on
! port 9996. These records are what allow a public address and port to be
! traced back to a subscriber, so loss or tampering on this path affects
! attribution. NOTE(review): flow export is normally plain UDP with no
! authentication - confirm the path to billing_ip is a trusted network.
nat logging-profile NAT_LOG_CARBON
export-version v9
destination {{billing_ip}} port 9996
!
! One NAPT pool (NAT_POOL_<name>) and one NAT policy (POL_NAT_<name>) are
! generated for every entry of nat_policy. Each pool logs through
! NAT_LOG_CARBON in this same context.
! NOTE(review): "over-subscription 32 port-limit 2000" presumably means up to
! 32 subscribers per public address with 2000 ports each - confirm against
! the platform documentation before changing either number.
! Pool addresses come from two lists: policy.nat_pool entries are used as
! given, policy.nat_range entries have every "-" rewritten to " to ".
@@@ for policy in nat_policy
ip nat pool NAT_POOL_{{policy.name}} napt paired-mode logging
paired-mode subscriber over-subscription 32 port-limit 2000
logging-profile NAT_LOG_CARBON context {{ctx_name}}
!
@@@ for nat_pool in policy.nat_pool
address {{nat_pool}}
exclude well-known
@@@ endfor
!
@@@ for nat_range in policy.nat_range
address {{nat_range.replace("-", " to ")}}
exclude well-known
@@@ endfor
!
nat policy POL_NAT_{{policy.name}} radius-guided enhanced
! Connection limits are read from template-wide variables, not from the
! policy entry, so every generated policy gets the same limits. Because of
! the "or" fallback, an unset, empty or zero value yields 500/500/20.
connections tcp maximum {{ connlimit_tcp_max or 500 }}
connections udp maximum {{ connlimit_udp_max or 500 }}
connections icmp maximum {{ connlimit_icmp_max or 20 }}
! Default class
! NOTE(review): "ignore" presumably leaves traffic that matches no named
! class untranslated - confirm.
ignore
inbound-refresh udp
icmp-notification
! Named classes
! Only traffic classified as ABON_GRAY by ACL_NAT is translated from the pool.
access-group ACL_NAT
class ABON_GRAY
pool NAT_POOL_{{policy.name}} {{ctx_name}}
! NOTE(review): timeout values are presumably in seconds - confirm.
timeout tcp 1800
timeout udp 60
timeout fin-reset 60
timeout icmp 30
timeout syn 60
timeout basic 300
timeout abandoned 1800
admission-control tcp
admission-control udp
admission-control icmp
! Endpoint-independent filtering accepts inbound packets to an existing
! mapping from any remote host, not only the one the subscriber contacted.
! This helps peer-to-peer applications but widens what can reach a
! subscriber for as long as the mapping lives.
endpoint-independent filtering tcp
endpoint-independent filtering udp
inbound-refresh udp
icmp-notification
!
@@@ endfor
! One interface per entry of abon_binds; the address line is emitted only
! when the entry has if_ip set.
@@@ for bind in abon_binds
interface if_{{ctx_name}}_{{bind.name}}
description only for bind context with port, because multibind is not safe to use this
@@@ if bind.if_ip
ip address {{bind.if_ip}}
@@@ endif
@@@ endfor
!
!!!!! interface that client ppp sessions are bound to
interface if_{{ctx_name}}_multi multibind lastresort
ip unnumbered ppp_loop1
pim sparse-mode passive
!!!!! interface used for ip unnumbered; its address is also the server IP in the tunnel
interface ppp_loop1 loopback
ip address {{pppoe_server_ip}}
!
! System interfaces: used to reach billing and other private systems and to
! identify the NAS context (see the description text). "ip source-address"
! lists the services whose traffic is sourced from this address.
! NOTE(review): the list names telnet, tftp and ftp, which are cleartext
! protocols. This line alone does not show that they are enabled, but check
! whether they are needed and prefer ssh where the platform allows it.
@@@ if context_ip
interface if_{{ctx_name}}_system loopback
description for connect to billing and other private-system net, and for indentify nas context
ip address {{context_ip}}
ip source-address telnet snmp ssh radius tacacs+ syslog dhcp-server tftp ftp netop flow-ip
no logging console
@@@ endif
! Same role as above, one interface per entry of context_int. These are not
! declared as loopback.
! NOTE(review): the interface name embeds int.if_ip verbatim; if that value
! carries a prefix length the name will contain it too - confirm the
! platform accepts such names.
@@@ if context_int
@@@ for int in context_int
interface if_{{ctx_name}}_{{int.if_ip}}_system
description for connect to billing and other private-system net, and for indentify nas context
ip address {{int.if_ip}}
ip source-address telnet snmp ssh radius tacacs+ syslog dhcp-server tftp ftp netop flow-ip
no logging console
@@@ endfor
@@@ endif
!
! Classifier for the NAT policies: sources in 10.0.0.0/8, 192.168.0.0/16 and
! 172.16.0.0/12 (written as wildcard masks) are put into class ABON_GRAY.
! No other source range is listed, so subscribers addressed from anything
! else (for example 100.64.0.0/10) fall into the NAT policy default class.
policy access-list ACL_NAT
seq 1010 permit ip 10.0.0.0 0.255.255.255 class ABON_GRAY
seq 1020 permit ip 192.168.0.0 0.0.255.255 class ABON_GRAY
seq 1030 permit ip 172.16.0.0 0.15.255.255 class ABON_GRAY
!
! PPP keepalive check runs every 30 seconds.
ppp keepalive check-interval seconds 30
!
! HTTP redirect targets, by name for blocked subscribers and for negative
! balance.
! NOTE(review): both url values below stop at "http: with no closing quote.
! The rest of each URL appears to have been lost; restore it from the
! original template before rendering, otherwise the command is incomplete.
http-redirect profile CARBON_URL_BLOCKED
url "http:
!
http-redirect profile CARBON_URL_NEGBAL
url "http:
!
! AAA for this context. Administrators are authenticated from the local
! database only, with one concurrent session. Subscribers are authenticated
! and accounted through RADIUS on the billing host.
! The rendered file contains users_psw, radius_secret and coa_psw in clear
! text: treat rendered configs and the variable source as secrets (restricted
! file permissions, no copies in tickets, chat or version control).
aaa authentication administrator local
aaa authentication administrator maximum sessions 1
aaa authentication subscriber radius
! NOTE(review): presumably the password sent to RADIUS when the subscriber
! supplies none - confirm. It is one value shared by the whole context.
aaa password default {{users_psw}}
aaa accounting subscriber radius
aaa update subscriber 300
aaa maximum subscriber active 8000
! Accounting and authentication use the same server and the same key
! (radius_secret); CoA uses a separate key (coa_psw) on port 3799.
! CoA requests can change or end live subscriber sessions, so presumably
! only the billing host should be able to reach that port - verify filtering.
radius accounting server {{billing_ip}} key {{radius_secret}}
radius coa server {{billing_ip}} key {{coa_psw}} port 3799
!
radius server {{billing_ip}} key {{radius_secret}}
radius max-retries 3
radius timeout 5
radius max-outstanding 256
! NOTE(review): presumably removes the domain part of the user name before
! the request is sent - confirm the billing side expects bare names.
radius strip-domain
radius deadtime 1
aaa accounting suppress-acct-on-fail
!
! Defaults applied to every subscriber in this context. The QoS policies
! DEFAULT_IN and DEFAULT_OUT are referenced here but not defined in this
! file. FLOW_PROF_CARBON is also named in the flow collector stanza at the
! end of the file.
subscriber default
qos policy policing DEFAULT_IN
qos policy metering DEFAULT_OUT
! Only the first entry of nat_policy becomes the default NAT policy
! (loop.index is 1-based); with an empty list no default NAT policy is set.
@@@ for policy in nat_policy
@@@ if loop.index==1
nat policy-name POL_NAT_{{policy.name}}
@@@ endif
@@@ endfor
! NOTE(review): the next line is a disabled command kept as a comment; its
! leading note is unclear, so confirm with the author before enabling it.
! enable onlys reback support ack flow apply admission-control profile FLOW_CONNLIMIT bidirectional
flow apply ip profile FLOW_PROF_CARBON both
! 1492 = 1500-byte Ethernet payload minus 8 bytes of PPPoE and PPP headers.
ppp mtu 1492
dns primary {{dns1}}
dns secondary {{dns2}}
!
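! Service profile SERVICE_INET: forwards traffic of classes CLS_INET and
! CLS_LOCAL through QoS and sets per-class metering (out) and policing (in).
! The six "parameter value" lines declare the parameters and their defaults;
! the CLS_INET attributes reference them as $Name. Every $-reference must
! match a declared parameter name exactly, otherwise the inbound or outbound
! limit it feeds is not applied as intended.
! NOTE(review): the defaults (1234 / 125000 / 250000) look like placeholders
! that billing presumably overrides per subscriber - confirm.
! CLS_LOCAL limits are fixed values and are not parameterised.
radius service profile SERVICE_INET
parameter value Rate-Inet-in 1234
parameter value Burst-Inet-in 125000
parameter value ExBurst-Inet-in 250000
parameter value Rate-Inet-out 1234
parameter value Burst-Inet-out 125000
parameter value ExBurst-Inet-out 250000
seq 10 attribute Dynamic-Policy-Filter "ip in forward class CLS_INET qos"
seq 20 attribute Dynamic-Policy-Filter "ip out forward class CLS_INET qos"
seq 30 attribute Dynamic-Policy-Filter "ip in forward class CLS_LOCAL qos"
seq 40 attribute Dynamic-Policy-Filter "ip out forward class CLS_LOCAL qos"
seq 50 attribute Dynamic-Qos-Parameter "meter-class-rate CLS_INET rate-absolute $Rate-Inet-out"
seq 60 attribute Dynamic-Qos-Parameter "meter-class-burst CLS_INET $Burst-Inet-out"
seq 70 attribute Dynamic-Qos-Parameter "meter-class-excess-burst CLS_INET $ExBurst-Inet-out"
seq 80 attribute Dynamic-Qos-Parameter "police-class-rate CLS_INET rate-absolute $Rate-Inet-in"
seq 90 attribute Dynamic-Qos-Parameter "police-class-burst CLS_INET $Burst-Inet-in"
seq 100 attribute Dynamic-Qos-Parameter "police-class-excess-burst CLS_INET $ExBurst-Inet-in"
seq 110 attribute Dynamic-Qos-Parameter "meter-class-rate CLS_LOCAL rate-absolute 100000"
seq 120 attribute Dynamic-Qos-Parameter "meter-class-burst CLS_LOCAL 6250000"
seq 130 attribute Dynamic-Qos-Parameter "meter-class-excess-burst CLS_LOCAL 125000000"
seq 140 attribute Dynamic-Qos-Parameter "police-class-rate CLS_LOCAL rate-absolute 100000"
seq 150 attribute Dynamic-Qos-Parameter "police-class-burst CLS_LOCAL 6250000"
seq 160 attribute Dynamic-Qos-Parameter "police-class-excess-burst CLS_LOCAL 125000000"
seq 170 attribute Service-Interim-Accounting 900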
!
! Static routes, one line per entry of routes (net and gw are used as given).
@@@ for route in routes
ip route {{route.net}} {{route.gw}}
@@@ endfor
!
!
! Flow export for subscriber traffic goes to the billing host on port 9996 in
! v5 format. The NAT logging profile earlier in this file sends v9 records to
! the same address and port, so the collector has to accept both formats on
! one port.
! NOTE(review): v5 export carries no authentication; presumably the path to
! billing_ip is a trusted network - confirm, since these records feed billing.
flow collector CARBON_COLLECTOR
ip-address {{billing_ip}}
port 9996
export-version v5
ip profile FLOW_PROF_CARBON
!
end