... The equipment cannot be considered to be in production unless every item of the [deployment plan|http://asrdoc.ideco.ru/pages/viewpage.action?pageId=29033016] has been completed successfully.

h2. Equipment configuration (Cisco 7204 with the ISG module)

{code}
class-map type traffic match-any Redir_to_web
 match access-group input 101
!
class-map type traffic match-any to_Portal
 match access-group input 103
!
class-map type traffic match-any Redirect_DNS
 match access-group input 104
!
! Unauthenticated sessions whose 5Min timer is running
class-map type control match-all USER_DROP
 match authen-status unauthenticated
 match timer 5Min
!
class-map match-all NOT_SHAPE_TRF
 match access-group 130
policy-map type service NOMONEY
 class type traffic Redir_to_web
  redirect to group REDIRECT
!
policy-map type service L4REDIRECT_to_DNS
 class type traffic Redirect_DNS
  redirect to group REDIRECT_DNS
!
policy-map type service L4REDIRECT-ATT
 class type traffic to_Portal
  redirect to group REDIRECT
 class type traffic default input
  drop
!
policy-map type service 512k_DEF
 service-policy input 512IN
 service-policy output 512OUT
!
policy-map type service SERVICE1000
 service-policy input IN1000
 service-policy output OUT1000
!
policy-map type service SERVICE1500
 service-policy input IN1500
 service-policy output OUT1500
!
policy-map type service SERVICE2000
 service-policy input IN2000
 service-policy output OUT2000
!
! Control policy: authorize by source IP at session start, apply the redirect
! services and start the 5Min timer; disconnect sessions still unauthenticated
! when the timer expires
policy-map type control RULEISG
 class type control USER_DROP event timed-policy-expiry
  1 service disconnect
 class type control always event quota-depleted
  1 set-param drop-traffic FALSE
 class type control always event session-start
  1 authorize aaa list ISG password cisco identifier source-ip-address
  2 service-policy type service name L4REDIRECT_to_DNS
  3 service-policy type service name L4REDIRECT-ATT
  4 set-timer 5Min 5
 class type control always event credit-exhausted
  1 service-policy type service name NOMONEY
 class type control always event service-failed
  1 service-policy type service name 512k_DEF
  2 log-session-state
 class type control always event service-stop
  1 service-policy type service unapply identifier service-name
  2 service-policy type service name 512k_DEF
!
! Policers referenced by the SERVICE1000/1500/2000 service policies
policy-map IN2000
 class NOT_SHAPE_TRF
  police cir 2000000 bc 375000 be 750000 conform-action transmit exceed-action drop violate-action drop
!
policy-map OUT2000
 class NOT_SHAPE_TRF
  police cir 2000000 bc 375000 be 750000 conform-action transmit exceed-action drop violate-action drop
!
policy-map IN1500
 class NOT_SHAPE_TRF
  police cir 1500000 bc 281250 be 562500 conform-action transmit exceed-action drop violate-action drop
!
policy-map OUT1500
 class NOT_SHAPE_TRF
  police cir 1500000 bc 281250 be 562500 conform-action transmit exceed-action drop violate-action drop
!
policy-map IN1000
 class NOT_SHAPE_TRF
  police cir 1000000 bc 187500 be 375000 conform-action transmit exceed-action drop violate-action drop
!
policy-map OUT1000
 class NOT_SHAPE_TRF
  police cir 1000000 bc 187500 be 375000 conform-action transmit exceed-action drop violate-action drop
{code}

h2. Example commands for event_inc.sh

h3. Commands for diagnosing services and profiles on the Cisco (needed only for initial setup)
{code}
# Query the status of one service for the subscriber session
echo "User-Name=\"$ip_addr\",cisco-avpair=\"subscriber:command=service-status-query\",\
cisco-avpair+=\"subscriber:service-name=PREPAID_INT2200\",\
Cisco-Account-Info=\"S$ip_addr\"" | radclient -x "$nas_ip:1700" coa "$radius_secret"

# Query the profile status
echo "User-Name=\"$ip_addr\",Cisco-Account-Info=\"S$ip_addr\",\
cisco-avpair=\"subscriber:command=profile-status-query\"" | \
radclient -x "$nas_ip:1700" coa "$radius_secret"

# Query the account profile status
echo "User-Name=\"$ip_addr\",Cisco-Account-Info=\"S$ip_addr\",\
cisco-avpair=\"subscriber:command=account-profile-status-query\"" | \
radclient -x "$nas_ip:1700" coa "$radius_secret"
{code}

h3. Changing the speed by switching the service

{code}
echo "User-Name=\"$ip\",Cisco-Account-Info=\"S$ip\",cisco-avpair+=\"subscriber:service-name=NOMONEY\",\
cisco-avpair+=\"subscriber:command=activate-service\"" | radclient -x "$nas_ip:1700" coa "$radius_secret"
{code}

h3. Redirect by switching the service

{code}
echo "User-Name=\"$ip\",Cisco-Account-Info=\"S$ip\",cisco-avpair+=\"subscriber:service-name=L4REDIRECT-ATT\",\
cisco-avpair+=\"subscriber:command=activate-service\"" | radclient -x "$nas_ip:1700" coa "$radius_secret"
{code}

h3. Example event_inc.sh

{code}
/usr/bin/selfkiller -30:TERM -50:KILL &
disown -a

LOG_LEVEL=ALL
SENDER=$1; shift
EVENT=$1; shift
DATA="$*"

# Import key=value event parameters as shell variables.
# printf -v assigns the value without evaluating it; the key must be a plain
# identifier. (An eval here would run shell code if a value contained a
# single quote.)
for VAR in $DATA; do
    KEY=${VAR%%=*}
    [[ "$VAR" == *=* && "$KEY" =~ ^[A-Za-z_][A-Za-z0-9_]*$ ]] && printf -v "$KEY" '%s' "${VAR#*=}"
done

LOG INFO "$SENDER $EVENT $DATA"

case "$EVENT" in
    "balance_negative")
        LOG INFO "event type: $EVENT $DATA"
        # Re-apply the portal redirect service: deactivate, then activate
        echo "User-Name=\"$ip_addr\",Cisco-Account-Info=\"S$ip_addr\",\
cisco-avpair+=\"subscriber:service-name=L4REDIRECT-ATT\",\
cisco-avpair+=\"subscriber:command=deactivate-service\"" | \
            radclient -x "$nas_ip:1700" coa "$radius_secret"
        echo "User-Name=\"$ip_addr\",Cisco-Account-Info=\"S$ip_addr\",\
cisco-avpair+=\"subscriber:service-name=L4REDIRECT-ATT\",\
cisco-avpair+=\"subscriber:command=activate-service\"" | \
            radclient -x "$nas_ip:1700" coa "$radius_secret"
        ;;
    "balance_positive")
        LOG INFO "event type: $EVENT $DATA"
        # URL-encoded SMS text: "GorodTelecom access allowed"
        sendsms "ГородТелеком%20доступ%20разрешен"
        ;;
    "login")
        echo "User-Name=\"$login\",cisco-avpair=\"subscriber:command=account-logon\",Cisco-Account-Info=\"S$ip\",Idle-Timeout=200" | \
            radclient -x "$nas_ip:1700" coa "$radius_secret"
        ;;
    "logout")
        LOG INFO "event type: $EVENT $DATA"
        echo "User-Name=\"$login\",Cisco-Account-Info=\"S$ip\"" | \
            radclient -x "$nas_ip:1700" disconnect "$radius_secret"
        # or, as an alternative to the disconnect request above:
        # echo "User-Name=\"$login\",cisco-avpair=\"subscriber:command=account-logoff\",Cisco-Account-Info=\"S$ip\",Idle-Timeout=200" | \
        #     radclient -x "$nas_ip:1700" coa "$radius_secret"
        ;;
    period_closed | user_data_changed)
        LOG INFO "event type: $EVENT $DATA"
        ;;
    "rate_set")
        # Re-apply the SERVICE<ceil_in> speed service: deactivate, then activate
        echo "User-Name=\"$ip_addr\",Cisco-Account-Info=\"S$ip_addr\",\
cisco-avpair+=\"subscriber:service-name=SERVICE${ceil_in}\",\
cisco-avpair+=\"subscriber:command=deactivate-service\"" | \
            radclient -x "$nas_ip:1700" coa "$radius_secret"
        echo "User-Name=\"$ip_addr\",Cisco-Account-Info=\"S$ip_addr\",\
cisco-avpair+=\"subscriber:service-name=SERVICE${ceil_in}\",\
cisco-avpair+=\"subscriber:command=activate-service\"" | \
            radclient -x "$nas_ip:1700" coa "$radius_secret"
        ;;
    *)
        :
        ;;
esac
{code}
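The event handler interpolates event parameters such as ip_addr and ceil_in directly into the attribute list that radclient parses, so a value containing a quote or a comma changes which attributes end up in the CoA request. The following is an added example, not part of the original page: it validates the values before building the attribute list, and the function names valid_ipv4, valid_service and build_service_coa are hypothetical.

```sh
# Added example, not from the original page. Function names are hypothetical.

# Succeeds only for a dotted-quad IPv4 address (octets 0-255, no leading zeros).
# The ( ) body runs in a subshell, so the IFS change stays local.
valid_ipv4() (
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;;
    esac
    IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    for octet in "$@"; do
        case $octet in 0?*|????*) exit 1 ;; esac
        [ "$octet" -le 255 ] || exit 1
    done
)

# Service names in the configuration on this page use only letters, digits,
# '_' and '-' (SERVICE2000, 512k_DEF, L4REDIRECT-ATT).
valid_service() {
    case $1 in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
}

# Print the CoA attribute list for a service command; return 1 on bad input.
# $1 = subscriber IP, $2 = service name, $3 = activate-service|deactivate-service
build_service_coa() {
    valid_ipv4 "$1" || return 1
    valid_service "$2" || return 1
    case $3 in
        activate-service|deactivate-service) ;;
        *) return 1 ;;
    esac
    printf 'User-Name="%s",Cisco-Account-Info="S%s",' "$1" "$1"
    printf 'cisco-avpair+="subscriber:service-name=%s",' "$2"
    printf 'cisco-avpair+="subscriber:command=%s"\n' "$3"
}

# Usage in the rate_set branch (variables as in event_inc.sh):
#   attrs=$(build_service_coa "$ip_addr" "SERVICE${ceil_in}" activate-service) &&
#       printf '%s\n' "$attrs" | radclient -x "$nas_ip:1700" coa "$radius_secret"
```

When validation fails nothing is sent to the NAS, so the caller should log the rejected event rather than retry it.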