Вы просматриваете старую версию данной страницы. Смотрите текущую версию.
Сравнить с текущим |
просмотр истории страницы
Интеграция заключается в следующих шагах:
- Настройка сервисов / политик / профилей на оборудовании
- Настройка скрипта event_inc.sh на Ideco ACP для пересылки нужных команд
- Создание и настройка RADIUS-атрибутов в тарифах для пользователей
Внимание!
Все предоставленные примеры не обязательно являются рабочими, использовать их для настройки своего оборудования без понимания принципа действия - категорически запрещено.
Примеры предоставлены исключительно для понимания принципов работы Ideco ACP с сторонним оборудованием.
Настройка оборудования (Cisco 7204 с модулем ISG)
class-map type traffic match-any Redir_to_web match access-group input 101 ! class-map type traffic match-any to_Portal match access-group input 103 ! class-map type traffic match-any Redirect_DNS match access-group input 104 ! class-map type control match-all USER_DROP match authen-status unauthenticated match timer 5Min ! class-map match-all NOT_SHAPE_TRF match access-group 130 policy-map type service NOMONEY class type traffic Redir_to_web redirect to group REDIRECT ! policy-map type service L4REDIRECT_to_DNS class type traffic Redirect_DNS redirect to group REDIRECT_DNS ! policy-map type service L4REDIRECT-ATT class type traffic to_Portal redirect to group REDIRECT class type traffic default input drop ! policy-map type service 512k_DEF service-policy input 512IN service-policy output 512OUT ! policy-map type control RULEISG class type control USER_DROP event timed-policy-expiry 1 service disconnect class type control always event quota-depleted 1 set-param drop-traffic FALSE class type control always event session-start 1 authorize aaa list ISG password cisco identifier source-ip-address 2 service-policy type service name L4REDIRECT_to_DNS 3 service-policy type service name L4REDIRECT-ATT 4 set-timer 5Min 5 class type control always event credit-exhausted 1 service-policy type service name NOMONEY class type control always event service-failed 1 service-policy type service name 512k_DEF 2 log-session-state class type control always event service-stop 1 service-policy type service unapply identifier service-name 2 service-policy type service name 512k_DEF ! policy-map 2000kOUT class NOT_SHAPE_TRF police cir 2000000 bc 375000 be 750000 conform-action transmit exceed-action drop violate-action drop policy-map 2200kIN class NOT_SHAPE_TRF police cir 2200000 bc 412500 be 825000 conform-action transmit exceed-action drop violate-action drop policy-map 300kOUT class NOT_SHAPE_TRF police cir 300000 bc 56250 be 112500 conform-action transmit exceed-action drop violate-action drop policy-map 8000kIN class NOT_SHAPE_TRF police cir 8000000 bc 1500000 be 3000000 conform-action transmit exceed-action drop violate-action drop policy-map 1000kOUT class NOT_SHAPE_TRF police cir 1000000 bc 187500 be 375000 conform-action transmit exceed-action drop violate-action drop policy-map 500kIN class NOT_SHAPE_TRF police cir 500000 bc 93750 be 187500 conform-action transmit exceed-action drop violate-action drop policy-map 1100kIN class NOT_SHAPE_TRF police cir 1100000 bc 206250 be 412500 conform-action transmit exceed-action drop violate-action drop policy-map 3000kOUT class NOT_SHAPE_TRF police cir 3000000 bc 562500 be 1125000 conform-action transmit exceed-action drop violate-action drop policy-map 8000kOUT class NOT_SHAPE_TRF police cir 8000000 bc 1500000 be 3000000 conform-action transmit exceed-action drop violate-action drop policy-map 1024IN class class-default police cir 1024000 bc 192000 be 384000 conform-action transmit exceed-action drop violate-action drop policy-map 600kOUT class NOT_SHAPE_TRF police cir 600000 bc 112500 be 225000 conform-action transmit exceed-action drop violate-action drop policy-map 3000kIN class NOT_SHAPE_TRF police cir 3000000 bc 562500 be 1125000 conform-action transmit exceed-action drop violate-action drop policy-map 50kIN class NOT_SHAPE_TRF police cir 50000 bc 9375 be 18750 conform-action transmit exceed-action drop violate-action drop policy-map 512OUT class class-default police cir 512000 bc 96000 be 192000 conform-action transmit exceed-action drop violate-action drop policy-map 2000kIN class NOT_SHAPE_TRF police cir 2000000 bc 375000 be 750000 conform-action transmit exceed-action drop violate-action drop policy-map 4000kIN class NOT_SHAPE_TRF police cir 4000000 bc 750000 be 1500000 conform-action transmit exceed-action drop violate-action drop policy-map 300kIN class NOT_SHAPE_TRF police cir 300000 bc 56250 be 112500 conform-action transmit exceed-action drop violate-action drop policy-map 256IN class class-default police cir 256000 bc 48000 be 96000 conform-action transmit exceed-action drop violate-action drop policy-map 256OUT class class-default police cir 256000 bc 48000 be 96000 conform-action transmit exceed-action drop violate-action drop policy-map 1500kIN class NOT_SHAPE_TRF police cir 1500000 bc 281250 be 562500 conform-action transmit exceed-action drop violate-action drop policy-map 1024OUT class class-default police cir 1024000 bc 192000 be 384000 conform-action transmit exceed-action drop violate-action drop policy-map 600kIN class NOT_SHAPE_TRF police cir 600000 bc 112500 be 225000 conform-action transmit exceed-action drop violate-action drop policy-map 1100kOUT class NOT_SHAPE_TRF police cir 1100000 bc 206250 be 412500 conform-action transmit exceed-action drop violate-action drop policy-map 512IN class class-default police cir 512000 bc 96000 be 192000 conform-action transmit exceed-action drop violate-action drop policy-map 1000kIN class NOT_SHAPE_TRF police cir 1000000 bc 187500 be 375000 conform-action transmit exceed-action drop violate-action drop policy-map 2500kOUT class NOT_SHAPE_TRF police cir 2500000 bc 468750 be 937500 conform-action transmit exceed-action drop violate-action drop policy-map 50kOUT class NOT_SHAPE_TRF police cir 50000 bc 9375 be 18750 conform-action transmit exceed-action drop violate-action drop policy-map 2200kOUT class NOT_SHAPE_TRF police cir 2200000 bc 412500 be 825000 conform-action transmit exceed-action drop violate-action drop policy-map 150kOUT class NOT_SHAPE_TRF police cir 150000 bc 28125 be 56250 conform-action transmit exceed-action drop violate-action drop policy-map 2500kIN class NOT_SHAPE_TRF police cir 2500000 bc 468750 be 937500 conform-action transmit exceed-action drop violate-action drop policy-map 500kOUT class NOT_SHAPE_TRF police cir 500000 bc 93750 be 187500 conform-action transmit exceed-action drop violate-action drop policy-map 4000kOUT class NOT_SHAPE_TRF police cir 4000000 bc 750000 be 1500000 conform-action transmit exceed-action drop violate-action drop policy-map 150kIN class NOT_SHAPE_TRF police cir 150000 bc 28125 be 56250 conform-action transmit exceed-action drop violate-action drop policy-map 1500kOUT class NOT_SHAPE_TRF police cir 1500000 bc 281250 be 562500 conform-action transmit exceed-action drop violate-action drop
Примеры команд для event_inc.sh
Параметры
- NAS - 192.168.7.2
- IP пользователя - 192.168.7.15
- Логин пользователя - user1234
- Пароль cisco - 1234
repaidReauthReason 9, 253 Control-Info QR1 echo "User-Name=\"192.168.7.15\",cisco-avpair=\"subscriber:command=service-status-query\",cisco-avpair+=\"subscriber:service-name=PREPAID_INT2200\",Cisco-Account-Info=\"S192.168.7.15\"" | radclient -x 192.168.7.2:1700 coa 1234 echo "User-Name=\"user1234\",cisco-avpair=\"subscriber:command=account-logon\",Cisco-Account-Info=\"S10.10.0.1\",Idle-Timeout=200" | /usr/local/bin/radclient -x 10.10.10.10:1700 coa ciscopassword echo "User-Name=\"192.168.7.15\",Cisco-Account-Info=\"S192.168.7.15\",cisco-avpair=\"subscriber:command=profile-status-query\"" | radclient -x 192.168.7.2:1700 coa 1234 echo "User-Name=\"192.168.7.15\",Cisco-Account-Info=\"S192.168.7.15\",cisco-avpair=\"subscriber:command=account-profile-status-query\"" | radclient -x 192.168.7.2:1700 coa 1234
Смена скорости с помощью смены сервиса
ip=192.168.7.15 echo "User-Name=\"$ip\",Cisco-Account-Info=\"S$ip\",cisco-avpair+=\"subscriber:service-name=NOMONEY\",cisco-avpair+=\"subscriber:command=activate-service\"" | \ radclient -x 192.168.7.2:1700 coa 1234
Редирект с помощью смены сервиса
ip=192.168.7.15 echo "User-Name=\"$ip\",Cisco-Account-Info=\"S$ip\",cisco-avpair+=\"subscriber:service-name=L4REDIRECT-ATT\",cisco-avpair+=\"subscriber:command=activate-service\"" | \ radclient -x 192.168.7.2:1700 coa 1234
Пример event_inc.sh
dsa
/usr/bin/selfkiller -30:TERM -50:KILL & disown -a LOG_LEVEL=ALL SENDER=$1; shift EVENT=$1; shift DATA=$@ for VAR in $DATA; do [[ "$VAR" = *"="* ]] && eval ${VAR%%=*}=\'${VAR#*=}\' done LOG INFO "$SENDER $EVENT $DATA" case "$EVENT" in "balance_negative") LOG INFO "event type: $EVENT $DATA" echo "User-Name=\"$ip_addr\",Cisco-Account-Info=\"S$ip_addr\",cisco-avpair+=\"subscriber:service-name=L4REDIRECT-ATT\",cisco-avpair+=\"subscriber:command=deactivate-service\"" | radclient -x $nas_ip:1700 coa 1234 echo "User-Name=\"$ip_addr\",Cisco-Account-Info=\"S$ip_addr\",cisco-avpair+=\"subscriber:service-name=L4REDIRECT-ATT\",cisco-avpair+=\"subscriber:command=activate-service\"" | radclient -x $nas_ip:1700 coa 1234 ;; "balance_positive") LOG INFO "event type: $EVENT $DATA" sendsms "ГородТелеком%20доступ%20разрешен" ;; "login") LOG INFO "event type: $EVENT $DATA" ;; "logout") LOG INFO "event type: $EVENT $DATA" ;; "period_closed") LOG INFO "event type: $EVENT $DATA" ;; "user_data_changed") LOG INFO "event type: $EVENT $DATA" ;; "rate_set" ) echo "User-Name=\"$ip_addr\",Cisco-Account-Info=\"S$IP_ADDR\",cisco-avpair+=\"subscriber:service-name=${ceil_in}k_def\",cisco-avpair+=\"subscriber:command=deactivate-service\"" | radclient -x $nas_ip:1700 coa 1234 echo "User-Name=\"$ip_addr\",Cisco-Account-Info=\"S$IP_ADDR\",cisco-avpair+=\"subscriber:service-name=${ceil_in}k_def\",cisco-avpair+=\"subscriber:command=activate-service\"" | radclient -x $nas_ip:1700 coa 1234 ;; *) : ;; esac
das