pppoe_ctx.cfg

configure

!!! This template is described the same way as ipoe_ctx.cfg.tmplt; only the
!!! parts that differ are marked with "!!!!!".
! PPPoE subscriber context template. Lines starting with "@@@" are template
! statements; double-curly-brace placeholders are filled in at render time.

! When clear is the string '1' the existing context is removed first.
! NOTE(review): presumably this also discards anything added to the context
! by hand since the last render - confirm before rendering with clear set.
@@@ if clear=='1'
 no context {{ctx_name}}
@@@ endif
!
context {{ctx_name}}
!
 no ip domain-lookup
 nat fragments
!
! NAT translation logging: records are exported in v9 format to the billing
! host on port 9996.
! NOTE(review): these records are what ties a public address and port back to
! a subscriber, so the export path to the billing host is presumably meant to
! stay on a trusted management network - confirm.
nat logging-profile NAT_LOG_CARBON
 export-version v9
 destination {{billing_ip}} port 9996
!
@@@ for policy in nat_policy
! One NAPT pool and one NAT policy are generated per entry of nat_policy.
! NOTE(review): presumably paired-mode keeps each subscriber on one public
! address, shared by up to 32 subscribers with 2000 ports each - confirm.
 ip nat pool NAT_POOL_{{policy.name}} napt paired-mode logging
  paired-mode subscriber over-subscription 32 port-limit 2000
  logging-profile NAT_LOG_CARBON context {{ctx_name}}
!
! Public addresses listed one per entry of policy.nat_pool.
! NOTE(review): "exclude well-known" presumably keeps the well-known port
! range out of translation - confirm.
  @@@ for nat_pool in policy.nat_pool
    address {{nat_pool}}
      exclude well-known
  @@@ endfor
!
! Public addresses given as "first-last" ranges; the dash is rewritten to
! " to " when the line is rendered.
  @@@ for nat_range in policy.nat_range
    address {{nat_range.replace("-", " to ")}}
      exclude well-known
  @@@ endfor
!
! Connection caps for the policy. The "or" fallback applies whenever the
! variable is unset or falsy, so a supplied value of 0 also renders as the
! default (500 / 500 / 20).
 nat policy POL_NAT_{{policy.name}} radius-guided enhanced
  connections tcp maximum {{ connlimit_tcp_max or 500 }}
  connections udp maximum {{ connlimit_udp_max or 500 }}
  connections icmp maximum {{ connlimit_icmp_max or 20 }}
! Default class
! NOTE(review): traffic that matches no class of ACL_NAT appears to be left
! untranslated ("ignore") - confirm.
  ignore
  inbound-refresh udp
  icmp-notification
! Named classes
! ABON_GRAY traffic is translated from this policy's pool with the timeouts
! and admission control below.
! NOTE(review): "endpoint-independent filtering" is the most permissive
! filtering behaviour in RFC 4787 terms: once a mapping exists, any outside
! host may send to it. Confirm this is the intended exposure for subscribers.
  access-group ACL_NAT
   class ABON_GRAY
    pool NAT_POOL_{{policy.name}} {{ctx_name}}
    timeout tcp 1800
    timeout udp 60
    timeout fin-reset 60
    timeout icmp 30
    timeout syn 60
    timeout basic 300
    timeout abandoned 1800
    admission-control tcp
    admission-control udp
    admission-control icmp
    endpoint-independent filtering tcp
    endpoint-independent filtering udp
    inbound-refresh udp
    icmp-notification
!
@@@ endfor

 @@@ for bind in abon_binds
! One interface per entry of abon_binds, named from the context name and
! bind.name. An IP address is configured only when bind.if_ip is set.
 interface if_{{ctx_name}}_{{bind.name}}
  description only for bind context with port, because multibind is not safe to use this
  @@@ if bind.if_ip
        ip address {{bind.if_ip}}
  @@@ endif
 @@@ endfor
!

!!!!! Interface that client PPP sessions are bound to.
! It borrows its address from ppp_loop1 (ip unnumbered).
 interface if_{{ctx_name}}_multi multibind lastresort
  ip unnumbered ppp_loop1
  pim sparse-mode passive

!!!!! Loopback used for ip unnumbered; its address is also the server-side IP
!!!!! inside the tunnel.
 interface ppp_loop1 loopback
  ip address {{pppoe_server_ip}}
!
! Loopback that identifies this NAS context towards billing and the other
! private systems; rendered only when context_ip is set.
! NOTE(review): "ip source-address" appears to only pick the source address
! for the listed protocols, not enable them. The list includes telnet, ftp
! and tftp, which are cleartext - confirm which of these services are
! actually reachable in this context.
@@@ if context_ip
 interface if_{{ctx_name}}_system loopback
  description for connect to billing and other private-system net, and for indentify nas context
  ip address {{context_ip}}
   ip source-address telnet snmp ssh radius tacacs+ syslog dhcp-server tftp ftp netop flow-ip
 no logging console
@@@ endif

! Same role for each entry of context_int, but as a regular (non-loopback)
! interface whose name embeds int.if_ip.
! NOTE(review): "no logging console" is emitted once per entry here, and the
! same source-address protocol list (including the cleartext ones) is
! repeated on every such interface.
@@@ if context_int
@@@ for int in context_int
 interface if_{{ctx_name}}_{{int.if_ip}}_system
  description for connect to billing and other private-system net, and for indentify nas context
  ip address {{int.if_ip}}
   ip source-address telnet snmp ssh radius tacacs+ syslog dhcp-server tftp ftp netop flow-ip
 no logging console
@@@ endfor
@@@ endif


!
! Classifier used by the NAT policies: the three RFC 1918 private blocks
! (10/8, 192.168/16, 172.16/12, written with wildcard masks) are placed in
! class ABON_GRAY.
! NOTE(review): any other source range, for example 100.64.0.0/10 if it is
! used for subscribers, matches no class and falls to the NAT policy's
! default class - confirm that is intended.
 policy access-list ACL_NAT
  seq 1010 permit ip 10.0.0.0 0.255.255.255 class ABON_GRAY
  seq 1020 permit ip 192.168.0.0 0.0.255.255 class ABON_GRAY
  seq 1030 permit ip 172.16.0.0 0.15.255.255 class ABON_GRAY
!
! PPP keepalive check interval: 30 seconds.
 ppp keepalive check-interval seconds 30
!
! Redirect targets on the subscriber cabinet host for blocked subscribers.
! NOTE(review): both URLs are plain http, so the redirect and the page are
! unauthenticated and unencrypted; the landing pages should not ask for
! credentials or payment data unless they hand off to HTTPS - confirm.
 http-redirect profile CARBON_URL_BLOCKED
  url "http://{{cabinet_ip}}/html/blocked.php"
!
! Redirect target for subscribers with a negative balance.
 http-redirect profile CARBON_URL_NEGBAL
  url "http://{{cabinet_ip}}/html/negbal.php"
!
! Administrators authenticate locally, one session at a time; subscribers
! are authenticated and accounted through RADIUS on the billing host.
! NOTE(review): users_psw, radius_secret and coa_psw are substituted into the
! rendered file as written, so the variable source and the rendered config
! hold these secrets in the clear unless the device re-encodes them on load.
! Restrict read access to both and keep them out of wikis and shared repos.
 aaa authentication administrator local
 aaa authentication administrator maximum sessions 1
 aaa authentication subscriber radius
 aaa password default {{users_psw}}
 aaa accounting subscriber radius
 aaa update subscriber 300
 aaa maximum subscriber active 8000
! Accounting reuses radius_secret; CoA has its own key and listens on 3799.
! NOTE(review): CoA requests can change or terminate live sessions, so
! coa_psw should be unique and strong, and presumably only the billing host
! should be able to reach this port - confirm the filtering in front of it.
 radius accounting server {{billing_ip}} key {{radius_secret}}
 radius coa server {{billing_ip}} key {{coa_psw}} port 3799
!
! Authentication server and RADIUS client behaviour.
! NOTE(review): "strip-domain" presumably removes the domain part of the
! user name before it is sent; units of "deadtime" and "timeout" are not
! visible here - confirm against the device documentation.
 radius server {{billing_ip}} key {{radius_secret}}
 radius max-retries 3
 radius timeout 5
 radius max-outstanding 256
 radius strip-domain
 radius deadtime 1
 aaa accounting suppress-acct-on-fail
!
! Defaults applied to every subscriber: QoS policies DEFAULT_IN / DEFAULT_OUT
! (not defined in this template), the NAT policy, flow export and DNS.
 subscriber default
   qos policy policing DEFAULT_IN
   qos policy metering DEFAULT_OUT
! Only the first entry of nat_policy (loop.index==1) becomes the default NAT
! policy; further entries are presumably selected per subscriber via RADIUS.
@@@ for policy in nat_policy
    @@@ if loop.index==1
     nat policy-name POL_NAT_{{policy.name}}
    @@@ endif
@@@ endfor
! Disabled line, kept from the original. NOTE(review): the original remark
! reads as "enable only once Redback support acks" - confirm before enabling.
!   flow apply admission-control profile FLOW_CONNLIMIT bidirectional
   flow apply ip profile FLOW_PROF_CARBON both
! 1492 = 1500-byte Ethernet payload minus 8 bytes of PPPoE and PPP headers.
   ppp mtu 1492
   dns primary {{dns1}}
   dns secondary {{dns2}}

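!
! RADIUS service profile for Internet access. The six "parameter value"
! lines declare named parameters with default values; the attribute lines
! below reference them as $Name.
! NOTE(review): the defaults (1234 / 125000 / 250000) look like placeholders
! that the RADIUS server is expected to override per subscriber - confirm.
 radius service profile SERVICE_INET
  parameter value Rate-Inet-in 1234
  parameter value Burst-Inet-in 125000
  parameter value ExBurst-Inet-in 250000
  parameter value Rate-Inet-out 1234
  parameter value Burst-Inet-out 125000
  parameter value ExBurst-Inet-out 250000
! Forward both directions of classes CLS_INET and CLS_LOCAL with QoS applied.
  seq 10 attribute Dynamic-Policy-Filter "ip in forward class CLS_INET qos"
  seq 20 attribute Dynamic-Policy-Filter "ip out forward class CLS_INET qos"
  seq 30 attribute Dynamic-Policy-Filter "ip in forward class CLS_LOCAL qos"
  seq 40 attribute Dynamic-Policy-Filter "ip out forward class CLS_LOCAL qos"
! CLS_INET metering uses the -out parameters.
  seq 50 attribute Dynamic-Qos-Parameter "meter-class-rate CLS_INET rate-absolute $Rate-Inet-out"
  seq 60 attribute Dynamic-Qos-Parameter "meter-class-burst CLS_INET $Burst-Inet-out"
  seq 70 attribute Dynamic-Qos-Parameter "meter-class-excess-burst CLS_INET $ExBurst-Inet-out"
! CLS_INET policing uses the -in parameters.
  seq 80 attribute Dynamic-Qos-Parameter "police-class-rate CLS_INET rate-absolute $Rate-Inet-in"
  seq 90 attribute Dynamic-Qos-Parameter "police-class-burst CLS_INET $Burst-Inet-in"
! Fixed: this line referenced $ExBurst-in, which is not declared above; the
! declared parameter is ExBurst-Inet-in (compare seq 70 for the out side).
  seq 100 attribute Dynamic-Qos-Parameter "police-class-excess-burst CLS_INET $ExBurst-Inet-in"
! CLS_LOCAL uses fixed rates and bursts in both directions.
  seq 110 attribute Dynamic-Qos-Parameter "meter-class-rate CLS_LOCAL rate-absolute 100000"
  seq 120 attribute Dynamic-Qos-Parameter "meter-class-burst CLS_LOCAL 6250000"
  seq 130 attribute Dynamic-Qos-Parameter "meter-class-excess-burst CLS_LOCAL 125000000"
  seq 140 attribute Dynamic-Qos-Parameter "police-class-rate CLS_LOCAL rate-absolute 100000"
  seq 150 attribute Dynamic-Qos-Parameter "police-class-burst CLS_LOCAL 6250000"
  seq 160 attribute Dynamic-Qos-Parameter "police-class-excess-burst CLS_LOCAL 125000000"
! Interim accounting for the service every 900 (presumably seconds).
  seq 170 attribute Service-Interim-Accounting 900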
!
! One static route per entry of routes (destination route.net via route.gw).
 @@@ for route in routes
 ip route {{route.net}} {{route.gw}}
 @@@ endfor
!
!
! Flow records for profile FLOW_PROF_CARBON are exported in v5 format to the
! billing host on port 9996.
! NOTE(review): the NAT logging profile in this template sends v9 records to
! the same host and port - confirm the collector accepts both formats on one
! port. The export is presumably unauthenticated, so it should stay on the
! private management network.
 flow collector CARBON_COLLECTOR
  ip-address {{billing_ip}}
  port 9996
  export-version v5
  ip profile FLOW_PROF_CARBON
!
end