|
Ключ
Эта строка удалена.
Это слово было удалено. Это слово было добавлено.
Эта строка добавлена.
|
Изменения (54)
просмотр истории страницы| Интеграция заключается в следующих шагах: # Настройка сервисов / политик / профилей на оборудовании # Настройка скрипта event_inc.sh на Ideco ACP для пересылки нужных команд # Создание и настройка RADIUS-атрибутов в тарифах для пользователей |
| h2. Внимание\! Все предоставленные примеры не обязательно являются рабочими, использовать их для настройки своего оборудования без понимания принципа действия не рекомендуется. |
| Примеры предоставлены исключительно для понимания принципов работы Ideco ACP Carbon Billing с сторонним оборудованием. |
| |
| *Примечание.* Загрузка сервисов через RADIUS также возможна через псевдопользователей, но мы не рекомендуем ей пользоваться тк в случае ошибки или потери радиус пакета пользователь может оказаться подключенным без сервиса и без ограничения скорости. Поэтому мы всегда рекомендуем использовать статические сервисы. Оборудование нельзя считать запущенным в эксплуатацию, если не все пункты [плана внедрения|http://asrdoc.ideco.ru/pages/viewpage.action?pageId=29033016] завершены успешно |
| h2. Настройка оборудования (Cisco 7204 с модулем ISG) {code} |
... |
| service-policy output 512OUT ! |
| policy-map type service SERVICE1000 service-policy input IN1000 service-policy output OUT1000 ! policy-map type service SERVICE1500 service-policy input IN1500 service-policy output OUT1500 ! policy-map type service SERVICE2000 service-policy input IN2000 service-policy output OUT2000 ! |
| policy-map type control RULEISG class type control USER_DROP event timed-policy-expiry |
... |
| 2 service-policy type service name 512k_DEF ! |
| policy-map 2000kOUT IN2000 |
| class NOT_SHAPE_TRF police cir 2000000 bc 375000 be 750000 conform-action transmit exceed-action drop violate-action drop |
| ! |
| policy-map 2200kIN OUT2000 |
| class NOT_SHAPE_TRF |
| police cir 2200000 bc 412500 be 825000 conform-action transmit exceed-action drop violate-action drop policy-map 300kOUT class NOT_SHAPE_TRF police cir 300000 bc 56250 be 112500 conform-action transmit exceed-action drop violate-action drop policy-map 8000kIN class NOT_SHAPE_TRF police cir 8000000 bc 1500000 be 3000000 conform-action transmit exceed-action drop violate-action drop policy-map 1000kOUT class NOT_SHAPE_TRF police cir 1000000 bc 187500 be 375000 conform-action transmit exceed-action drop violate-action drop policy-map 500kIN class NOT_SHAPE_TRF police cir 500000 bc 93750 be 187500 conform-action transmit exceed-action drop violate-action drop policy-map 1100kIN class NOT_SHAPE_TRF police cir 1100000 bc 206250 be 412500 conform-action transmit exceed-action drop violate-action drop policy-map 3000kOUT class NOT_SHAPE_TRF police cir 3000000 bc 562500 be 1125000 conform-action transmit exceed-action drop violate-action drop policy-map 8000kOUT class NOT_SHAPE_TRF police cir 8000000 bc 1500000 be 3000000 conform-action transmit exceed-action drop violate-action drop policy-map 1024IN class class-default police cir 1024000 bc 192000 be 384000 conform-action transmit exceed-action drop violate-action drop policy-map 600kOUT class NOT_SHAPE_TRF police cir 600000 bc 112500 be 225000 conform-action transmit exceed-action drop violate-action drop policy-map 3000kIN class NOT_SHAPE_TRF police cir 3000000 bc 562500 be 1125000 conform-action transmit exceed-action drop violate-action drop policy-map 50kIN class NOT_SHAPE_TRF police cir 50000 bc 9375 be 18750 conform-action transmit exceed-action drop violate-action drop policy-map 512OUT class class-default police cir 512000 bc 96000 be 192000 conform-action transmit exceed-action drop violate-action drop policy-map 2000kIN class NOT_SHAPE_TRF |
| police cir 2000000 bc 375000 be 750000 conform-action transmit exceed-action drop violate-action drop |
| ! |
| policy-map 4000kIN IN1500 |
| class NOT_SHAPE_TRF |
| police cir 4000000 1500000 bc 750000 281250 be 1500000 562500 conform-action transmit exceed-action drop violate-action drop |
| ! |
| policy-map 300kIN OUT1500 |
| class NOT_SHAPE_TRF |
| police cir 300000 bc 56250 be 112500 conform-action transmit exceed-action drop violate-action drop policy-map 256IN class class-default police cir 256000 bc 48000 be 96000 conform-action transmit exceed-action drop violate-action drop policy-map 256OUT class class-default police cir 256000 bc 48000 be 96000 conform-action transmit exceed-action drop violate-action drop policy-map 1500kIN class NOT_SHAPE_TRF |
| police cir 1500000 bc 281250 be 562500 conform-action transmit exceed-action drop violate-action drop |
| ! |
| policy-map 1024OUT IN1000 |
| class class-default police cir 1024000 bc 192000 be 384000 conform-action transmit exceed-action drop violate-action drop policy-map 600kIN |
| class NOT_SHAPE_TRF |
| police cir 600000 bc 112500 be 225000 conform-action transmit exceed-action drop violate-action drop policy-map 1100kOUT class NOT_SHAPE_TRF police cir 1100000 bc 206250 be 412500 conform-action transmit exceed-action drop violate-action drop policy-map 512IN class class-default police cir 512000 bc 96000 be 192000 conform-action transmit exceed-action drop violate-action drop policy-map 1000kIN class NOT_SHAPE_TRF |
| police cir 1000000 bc 187500 be 375000 conform-action transmit exceed-action drop violate-action drop |
| ! |
| policy-map 2500kOUT OUT1000 |
| class NOT_SHAPE_TRF |
| police cir 2500000 1000000 bc 468750 187500 be 937500 375000 conform-action transmit exceed-action drop violate-action drop |
| policy-map 50kOUT class NOT_SHAPE_TRF police cir 50000 bc 9375 be 18750 conform-action transmit exceed-action drop violate-action drop policy-map 2200kOUT class NOT_SHAPE_TRF police cir 2200000 bc 412500 be 825000 conform-action transmit exceed-action drop violate-action drop policy-map 150kOUT class NOT_SHAPE_TRF police cir 150000 bc 28125 be 56250 conform-action transmit exceed-action drop violate-action drop policy-map 2500kIN class NOT_SHAPE_TRF police cir 2500000 bc 468750 be 937500 conform-action transmit exceed-action drop violate-action drop policy-map 500kOUT class NOT_SHAPE_TRF police cir 500000 bc 93750 be 187500 conform-action transmit exceed-action drop violate-action drop policy-map 4000kOUT class NOT_SHAPE_TRF police cir 4000000 bc 750000 be 1500000 conform-action transmit exceed-action drop violate-action drop policy-map 150kIN class NOT_SHAPE_TRF police cir 150000 bc 28125 be 56250 conform-action transmit exceed-action drop violate-action drop policy-map 1500kOUT class NOT_SHAPE_TRF police cir 1500000 bc 281250 be 562500 conform-action transmit exceed-action drop violate-action drop |
| {code} |
... |
| h3. Команды для диагностики сервисов и профилей на Cisco (нужны только для первоначальной настройки). |
| \#TODO nas_passwd вместо статики |
| {code} |
| repaidReauthReason 9, 253 Control-Info QR1 echo "User-Name=\"$ip_addr\",cisco-avpair=\"subscriber:command=service-status-query\",cisco-avpair+=\"subscriber:service-name=PREPAID_INT2200\",Cisco-Account-Info=\"S$ip_addr\"" | radclient -x $nas_ip:1700 coa 1234 echo "User-Name=\"$ip_addr\",Cisco-Account-Info=\"S$ip_addr\",cisco-avpair=\"subscriber:command=profile-status-query\"" | radclient -x $nas_ip:1700 coa 1234 echo "User-Name=\"$ip_addr\",Cisco-Account-Info=\"S$ip_addr\",cisco-avpair=\"subscriber:command=account-profile-status-query\"" | radclient -x $nas_ip:1700 coa 1234 |
| echo "User-Name=\"$ip_addr\",cisco-avpair=\"subscriber:command=service-status-query\",\ cisco-avpair+=\"subscriber:service-name=PREPAID_INT2200\",\ Cisco-Account-Info=\"S$ip_addr\"" | radclient -x $nas_ip:1700 coa $radius_secret echo "User-Name=\"$ip_addr\",Cisco-Account-Info=\"S$ip_addr\",\ cisco-avpair=\"subscriber:command=profile-status-query\"" | \ radclient -x $nas_ip:1700 coa $radius_secret echo "User-Name=\"$ip_addr\",Cisco-Account-Info=\"S$ip_addr\",\ cisco-avpair=\"subscriber:command=account-profile-status-query\"" | \ radclient -x $nas_ip:1700 coa $radius_secret |
| {code} |
... |
| {code} |
| echo "User-Name=\"$ip\",Cisco-Account-Info=\"S$ip\",cisco-avpair+=\"subscriber:service-name=NOMONEY\",cisco-avpair+=\"subscriber:command=activate-service\"" | radclient -x $nas_ip:1700 coa 1234 |
| echo "User-Name=\"$ip\",Cisco-Account-Info=\"S$ip\",cisco-avpair+=\"subscriber:service-name=NOMONEY\",\ cisco-avpair+=\"subscriber:command=activate-service\"" | radclient -x $nas_ip:1700 coa $radius_secret |
| {code} |
... |
| {code} |
| echo "User-Name=\"$ip\",Cisco-Account-Info=\"S$ip\",cisco-avpair+=\"subscriber:service-name=L4REDIRECT-ATT\",cisco-avpair+=\"subscriber:command=activate-service\"" | radclient -x $nas_ip:1700 coa 1234 |
| echo "User-Name=\"$ip\",Cisco-Account-Info=\"S$ip\",cisco-avpair+=\"subscriber:service-name=L4REDIRECT-ATT\",\ cisco-avpair+=\"subscriber:command=activate-service\"" | radclient -x $nas_ip:1700 coa $radius_secret |
| {code} |
... |
| "balance_negative") LOG INFO "event type: $EVENT $DATA" |
| echo "User-Name=\"$ip_addr\",Cisco-Account-Info=\"S$ip_addr\",\ cisco-avpair+=\"subscriber:service-name=L4REDIRECT-ATT\",\ cisco-avpair+=\"subscriber:command=deactivate-service\"" | \ |
| echo "User-Name=\"$ip_addr\",Cisco-Account-Info=\"S$ip_addr\",cisco-avpair+=\"subscriber:service-name=L4REDIRECT-ATT\",cisco-avpair+=\"subscriber:command=deactivate-service\"" | radclient -x $nas_ip:1700 coa $radius_secret |
| echo "User-Name=\"$ip_addr\",Cisco-Account-Info=\"S$ip_addr\",cisco-avpair+=\"subscriber:service-name=L4REDIRECT-ATT\",cisco-avpair+=\"subscriber:command=activate-service\"" | radclient -x $nas_ip:1700 coa $radius_secret "User-Name=\"$ip_addr\",Cisco-Account-Info=\"S$ip_addr\",\ |
| cisco-avpair+=\"subscriber:service-name=L4REDIRECT-ATT\",\ cisco-avpair+=\"subscriber:command=activate-service\"" | \ radclient -x $nas_ip:1700 coa $radius_secret |
| ;; |
| |
| "balance_positive") |
| LOG INFO "event type: $EVENT $DATA" |
| sendsms "ГородТелеком%20доступ%20разрешен" |
| ;; |
| |
| "login") echo "User-Name=\"$login\",cisco-avpair=\"subscriber:command=account-logon\",Cisco-Account-Info=\"S$ip\",Idle-Timeout=200" | radclient -x $nas_ip:1700 coa $radius_secret ;; |
| LOG INFO "event type: $EVENT $DATA" ;; |
| |
| "logout") |
| LOG INFO "event type: $EVENT $DATA" |
| # неправильно # echo "User-Name=\"$login\",cisco-avpair=\"subscriber:command=account-logoff\",Cisco-Account-Info=\"S$ip\",Idle-Timeout=200" | radclient -x $nas_ip:1700 coa $radius_secret # правильно |
| echo "User-Name=\"$login\",Cisco-Account-Info=\"S$ip\" | radclient -x $nas_ip:1700 disconnect $radius_secret |
| ;; "period_closed") |
| # или echo "User-Name=\"$login\",cisco-avpair=\"subscriber:command=account-logoff\",Cisco-Account-Info=\"S$ip\",Idle-Timeout=200" | radclient -x $nas_ip:1700 coa $radius_secret ;; period_closed | user_data_changed ) |
| LOG INFO "event type: $EVENT $DATA" |
| ;; |
| "user_data_changed") LOG INFO "event type: $EVENT $DATA" ;; |
| |
| "rate_set" ) |
| echo "User-Name=\"$ip_addr\",Cisco-Account-Info=\"S$IP_ADDR\",cisco-avpair+=\"subscriber:service-name=${ceil_in}k_def\",cisco-avpair+=\"subscriber:command=deactivate-service\"" | radclient -x $nas_ip:1700 coa $radius_secret "User-Name=\"$ip_addr\",Cisco-Account-Info=\"S$IP_ADDR\",\ |
| echo "User-Name=\"$ip_addr\",Cisco-Account-Info=\"S$IP_ADDR\",cisco-avpair+=\"subscriber:service-name=${ceil_in}k_def\",cisco-avpair+=\"subscriber:command=activate-service\"" | radclient -x $nas_ip:1700 coa $radius_secret |
| cisco-avpair+=\"subscriber:service-name=SERVICE${ceil_in}\",\ cisco-avpair+=\"subscriber:command=deactivate-service\" | \ radclient -x $nas_ip:1700 coa $radius_secret echo "User-Name=\"$ip_addr\",Cisco-Account-Info=\"S$IP_ADDR\",\ cisco-avpair+=\"subscriber:service-name=SERVICE${ceil_in}\",\ cisco-avpair+=\"subscriber:command=activate-service\" | \ radclient -x $nas_ip:1700 coa $radius_secret |
| ;; |
| |
| *) |
| : |
| ;; esac |
| |
| {code} |
| h2. Настройка тарифа в Carbon Manager RADIUS-параметры: необходимо передавать имя сервиса, генерируемое с помощью $ceil_in и команду _activate-service_ при авторизации пользователей. !Снимок-Тарифный план.png|border=1! Настраиваем ступенчатый тариф !ciscoisg.ruleset.png|border=1! h2. Добавление в список маршрутизаторов !ciscoisg.hardware.png|border=1! |