Integration consists of the following steps:
- Configuring services / policies / profiles on the equipment
- Configuring the event_inc.sh script on Ideco ACP to forward the required commands
- Creating and configuring RADIUS attributes in the users' tariffs
Warning!
The examples provided are not necessarily working ones; using them to configure your own equipment without understanding how they work is strictly prohibited.
The examples are provided solely to illustrate how Ideco ACP works with third-party equipment.
Equipment configuration (Cisco 7204 with the ISG module)
class-map type traffic match-any Redir_to_web
 match access-group input 101
!
class-map type traffic match-any to_Portal
 match access-group input 103
!
class-map type traffic match-any Redirect_DNS
 match access-group input 104
!
class-map type control match-all USER_DROP
 match authen-status unauthenticated
 match timer 5Min
!
class-map match-all NOT_SHAPE_TRF
 match access-group 130
policy-map type service NOMONEY
 class type traffic Redir_to_web
  redirect to group REDIRECT
!
policy-map type service L4REDIRECT_to_DNS
 class type traffic Redirect_DNS
  redirect to group REDIRECT_DNS
!
policy-map type service L4REDIRECT-ATT
 class type traffic to_Portal
  redirect to group REDIRECT
 class type traffic default input
  drop
!
policy-map type service 512k_DEF
 service-policy input 512IN
 service-policy output 512OUT
!
policy-map type control RULEISG
 class type control USER_DROP event timed-policy-expiry
  1 service disconnect
 class type control always event quota-depleted
  1 set-param drop-traffic FALSE
 class type control always event session-start
  1 authorize aaa list ISG password cisco identifier source-ip-address
  2 service-policy type service name L4REDIRECT_to_DNS
  3 service-policy type service name L4REDIRECT-ATT
  4 set-timer 5Min 5
 class type control always event credit-exhausted
  1 service-policy type service name NOMONEY
 class type control always event service-failed
  1 service-policy type service name 512k_DEF
  2 log-session-state
 class type control always event service-stop
  1 service-policy type service unapply identifier service-name
  2 service-policy type service name 512k_DEF
!
policy-map 2000kOUT
 class NOT_SHAPE_TRF
  police cir 2000000 bc 375000 be 750000 conform-action transmit exceed-action drop violate-action drop
policy-map 2200kIN
 class NOT_SHAPE_TRF
  police cir 2200000 bc 412500 be 825000 conform-action transmit exceed-action drop violate-action drop
policy-map 300kOUT
 class NOT_SHAPE_TRF
  police cir 300000 bc 56250 be 112500 conform-action transmit exceed-action drop violate-action drop
policy-map 8000kIN
 class NOT_SHAPE_TRF
  police cir 8000000 bc 1500000 be 3000000 conform-action transmit exceed-action drop violate-action drop
policy-map 1000kOUT
 class NOT_SHAPE_TRF
  police cir 1000000 bc 187500 be 375000 conform-action transmit exceed-action drop violate-action drop
policy-map 500kIN
 class NOT_SHAPE_TRF
  police cir 500000 bc 93750 be 187500 conform-action transmit exceed-action drop violate-action drop
policy-map 1100kIN
 class NOT_SHAPE_TRF
  police cir 1100000 bc 206250 be 412500 conform-action transmit exceed-action drop violate-action drop
policy-map 3000kOUT
 class NOT_SHAPE_TRF
  police cir 3000000 bc 562500 be 1125000 conform-action transmit exceed-action drop violate-action drop
policy-map 8000kOUT
 class NOT_SHAPE_TRF
  police cir 8000000 bc 1500000 be 3000000 conform-action transmit exceed-action drop violate-action drop
policy-map 1024IN
 class class-default
  police cir 1024000 bc 192000 be 384000 conform-action transmit exceed-action drop violate-action drop
policy-map 600kOUT
 class NOT_SHAPE_TRF
  police cir 600000 bc 112500 be 225000 conform-action transmit exceed-action drop violate-action drop
policy-map 3000kIN
 class NOT_SHAPE_TRF
  police cir 3000000 bc 562500 be 1125000 conform-action transmit exceed-action drop violate-action drop
policy-map 50kIN
 class NOT_SHAPE_TRF
  police cir 50000 bc 9375 be 18750 conform-action transmit exceed-action drop violate-action drop
policy-map 512OUT
 class class-default
  police cir 512000 bc 96000 be 192000 conform-action transmit exceed-action drop violate-action drop
policy-map 2000kIN
 class NOT_SHAPE_TRF
  police cir 2000000 bc 375000 be 750000 conform-action transmit exceed-action drop violate-action drop
policy-map 4000kIN
 class NOT_SHAPE_TRF
  police cir 4000000 bc 750000 be 1500000 conform-action transmit exceed-action drop violate-action drop
policy-map 300kIN
 class NOT_SHAPE_TRF
  police cir 300000 bc 56250 be 112500 conform-action transmit exceed-action drop violate-action drop
policy-map 256IN
 class class-default
  police cir 256000 bc 48000 be 96000 conform-action transmit exceed-action drop violate-action drop
policy-map 256OUT
 class class-default
  police cir 256000 bc 48000 be 96000 conform-action transmit exceed-action drop violate-action drop
policy-map 1500kIN
 class NOT_SHAPE_TRF
  police cir 1500000 bc 281250 be 562500 conform-action transmit exceed-action drop violate-action drop
policy-map 1024OUT
 class class-default
  police cir 1024000 bc 192000 be 384000 conform-action transmit exceed-action drop violate-action drop
policy-map 600kIN
 class NOT_SHAPE_TRF
  police cir 600000 bc 112500 be 225000 conform-action transmit exceed-action drop violate-action drop
policy-map 1100kOUT
 class NOT_SHAPE_TRF
  police cir 1100000 bc 206250 be 412500 conform-action transmit exceed-action drop violate-action drop
policy-map 512IN
 class class-default
  police cir 512000 bc 96000 be 192000 conform-action transmit exceed-action drop violate-action drop
policy-map 1000kIN
 class NOT_SHAPE_TRF
  police cir 1000000 bc 187500 be 375000 conform-action transmit exceed-action drop violate-action drop
policy-map 2500kOUT
 class NOT_SHAPE_TRF
  police cir 2500000 bc 468750 be 937500 conform-action transmit exceed-action drop violate-action drop
policy-map 50kOUT
 class NOT_SHAPE_TRF
  police cir 50000 bc 9375 be 18750 conform-action transmit exceed-action drop violate-action drop
policy-map 2200kOUT
 class NOT_SHAPE_TRF
  police cir 2200000 bc 412500 be 825000 conform-action transmit exceed-action drop violate-action drop
policy-map 150kOUT
 class NOT_SHAPE_TRF
  police cir 150000 bc 28125 be 56250 conform-action transmit exceed-action drop violate-action drop
policy-map 2500kIN
 class NOT_SHAPE_TRF
  police cir 2500000 bc 468750 be 937500 conform-action transmit exceed-action drop violate-action drop
policy-map 500kOUT
 class NOT_SHAPE_TRF
  police cir 500000 bc 93750 be 187500 conform-action transmit exceed-action drop violate-action drop
policy-map 4000kOUT
 class NOT_SHAPE_TRF
  police cir 4000000 bc 750000 be 1500000 conform-action transmit exceed-action drop violate-action drop
policy-map 150kIN
 class NOT_SHAPE_TRF
  police cir 150000 bc 28125 be 56250 conform-action transmit exceed-action drop violate-action drop
policy-map 1500kOUT
 class NOT_SHAPE_TRF
  police cir 1500000 bc 281250 be 562500 conform-action transmit exceed-action drop violate-action drop
Configuring the ACP
#TODO write event_inc.sh
repaidReauthReason 9, 253 Control-Info QR1
/bin/echo "User-Name=\"95.129.77.130\",cisco-avpair=\"subscriber:command=service-status-query\",cisco-avpair+=\"subscriber:service-name=PREPAID_INT2200\",Cisco-Account-Info=\"S$WHITEIP\"" | radclient -x $GREYIP:1700 coa 1234
/bin/echo "User-Name=\"95.129.77.130\",Cisco-Account-Info=\"S95.129.77.130\",cisco-avpair=\"subscriber:command=account-status-query\"" | radclient -x $GREYIP:1700 coa 1234
/bin/echo "User-Name=\"f_annychka\",cisco-avpair=\"subscriber:command=account-logon\",Cisco-Account-Info=\"S10.10.0.1\",Idle-Timeout=200" | /usr/local/bin/radclient -x $GREYIP2:1700 coa cisco555
/bin/echo "User-Name=\"95.129.77.130\",Cisco-Account-Info=\"S95.129.77.130\",cisco-avpair=\"subscriber:command=profile-status-query\"" | radclient -x $GREYIP:1700 coa 1234
/bin/echo "User-Name=\"95.129.77.130\",Cisco-Account-Info=\"S95.129.77.130\",cisco-avpair=\"subscriber:command=account-profile-status-query\"" | radclient -x $GREYIP:1700 coa 1234
Changing the service, i.e. the speed
ip=95.129.77.2 ;echo "User-Name=\"$ip\",Cisco-Account-Info=\"S$ip\",cisco-avpair+=\"subscriber:service-name=NOMONEY\",cisco-avpair+=\"subscriber:command=activate-service\"" | radclient -x 10.254.254.253:1700 coa 1234
Redirect via a service change
ip=95.129.77.2 ;echo "User-Name=\"$ip\",Cisco-Account-Info=\"S$ip\",cisco-avpair+=\"subscriber:service-name=L4REDIRECT-ATT\",cisco-avpair+=\"subscriber:command=activate-service\"" | radclient -x 10.254.254.253:1700 coa 1234
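An added example (not Ideco's event_inc.sh and not code from the original page): the service-change CoA request above, with the subscriber IP and service name validated before they are interpolated into the attribute list, and the shared secret read from a file through radclient's -S option instead of the command line. The function names and the COA_SECRET_FILE path are assumptions; the service allowlist is taken from the "policy-map type service" names in the ISG configuration above.

```shell
#!/bin/sh
# Added example: validated CoA "activate-service" request for the ISG.
# Hypothetical names: valid_ipv4, valid_service, build_activate, send_activate.
COA_SECRET_FILE="${COA_SECRET_FILE:-/etc/ideco/coa.secret}"  # hypothetical path, mode 0600

# Accept only a dotted-quad IPv4 address with octets 0..255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                 # safe to split: only digits and dots remain
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Only service policy-maps that exist in the ISG configuration are allowed.
valid_service() {
    case "$1" in
        NOMONEY|L4REDIRECT_to_DNS|L4REDIRECT-ATT|512k_DEF) return 0 ;;
        *) return 1 ;;
    esac
}

# build_activate <subscriber-ip> <service>: print the attribute list in the
# same form as the page's commands, or fail without printing anything.
build_activate() {
    valid_ipv4 "$1" || { echo "rejected subscriber IP" >&2; return 1; }
    valid_service "$2" || { echo "rejected service name" >&2; return 1; }
    printf 'User-Name="%s",Cisco-Account-Info="S%s",cisco-avpair+="subscriber:service-name=%s",cisco-avpair+="subscriber:command=activate-service"\n' "$1" "$1" "$2"
}

# send_activate <isg-host> <subscriber-ip> <service>
send_activate() {
    attrs=$(build_activate "$2" "$3") || return 1
    # -S reads the shared secret from a file, keeping it out of the process list.
    printf '%s\n' "$attrs" | radclient -x -S "$COA_SECRET_FILE" "$1:1700" coa
}

# Dry run: prints the attribute list without contacting the ISG.
build_activate 95.129.77.2 L4REDIRECT-ATT
```

Rejecting anything but a plain IPv4 address and a known service name keeps a quote or comma in either value from adding extra attributes to the CoA request.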