Вы просматриваете старую версию данной страницы. Смотрите текущую версию.
Сравнить с текущим |
просмотр истории страницы
Интеграция заключается в следующих шагах:
- Настройка сервисов / политик / профилей на оборудовании
- Настройка скрипта event_inc.sh на Ideco ACP для пересылки нужных команд
- Создание и настройка RADIUS-атрибутов в тарифах для пользователей
- Настройка отправки NetFlow
- Тестирование типовых ситуаций, подключение абонентов, отключение, превышен лимит, пришла оплата, удаление, создание, изменение скорости.
- Ввод в эксплуатацию
Внимание!
Все предоставленные примеры не обязательно являются рабочими, использовать их для настройки своего оборудования без понимания принципа действия не рекомендуется.
Примеры предоставлены исключительно для понимания принципов работы Ideco ACP с сторонним оборудованием.
Настройка сервисов на оборудовании
radius service profile RSE-BASED-INET-LOCAL parameter value Rate-Inet 1000 parameter value Burst-Inet 125000 parameter value ExBurst-Inet 250000 parameter value Rate-Local 1000 parameter value Burst-Local 125000 parameter value ExBurst-Local 250000 accounting in qos "cls-Local cls-Inet" accounting out qos "cls-Local cls-Inet" seq 10 attribute Dynamic-Policy-Filter "ip in forward class cls-Inet qos" seq 20 attribute Dynamic-Policy-Filter "ip out forward class cls-Inet qos" seq 30 attribute Dynamic-Policy-Filter "ip in forward class cls-Local qos" seq 40 attribute Dynamic-Policy-Filter "ip out forward class cls-Local qos" seq 50 attribute Dynamic-Qos-Parameter "meter-class-rate cls-Inet rate-absolute $Rate-Inet" seq 60 attribute Dynamic-Qos-Parameter "meter-class-burst cls-Inet $Burst-Inet" seq 70 attribute Dynamic-Qos-Parameter "meter-class-excess-burst cls-Inet $ExBurst-Inet" seq 80 attribute Dynamic-Qos-Parameter "police-class-rate cls-Inet rate-absolute $Rate-Inet" seq 90 attribute Dynamic-Qos-Parameter "police-class-burst cls-Inet $Burst-Inet" seq 100 attribute Dynamic-Qos-Parameter "police-class-excess-burst cls-Inet $ExBurst-Inet" seq 110 attribute Dynamic-Qos-Parameter "meter-class-rate cls-Local rate-absolute $Rate-Local" seq 120 attribute Dynamic-Qos-Parameter "meter-class-burst cls-Local $Burst-Local" seq 130 attribute Dynamic-Qos-Parameter "meter-class-excess-burst cls-Local $ExBurst-Local" seq 140 attribute Dynamic-Qos-Parameter "police-class-rate cls-Local rate-absolute $Rate-Local" seq 150 attribute Dynamic-Qos-Parameter "police-class-burst cls-Local $Burst-Local" seq 160 attribute Dynamic-Qos-Parameter "police-class-excess-burst cls-Local $ExBurst-Local" seq 170 attribute Service-Interim-Accounting 1200 ! radius service profile service1024 accounting in qos "cls-Local cls-Inet" accounting out qos "cls-Local cls-Inet" seq 10 attribute Dynamic-Policy-Filter "ip in forward class cls-Inet qos" seq 20 attribute Dynamic-Policy-Filter "ip out forward class cls-Inet qos" seq 30 attribute Dynamic-Policy-Filter "ip in forward class cls-Local qos" seq 40 attribute Dynamic-Policy-Filter "ip out forward class cls-Local qos" seq 50 attribute Dynamic-Qos-Parameter "meter-class-rate cls-Inet rate-absolute 1000" seq 60 attribute Dynamic-Qos-Parameter "meter-class-burst cls-Inet 125000" seq 70 attribute Dynamic-Qos-Parameter "meter-class-excess-burst cls-Inet 250000" seq 80 attribute Dynamic-Qos-Parameter "police-class-rate cls-Inet rate-absolute 1000" seq 90 attribute Dynamic-Qos-Parameter "police-class-burst cls-Inet 125000" seq 100 attribute Dynamic-Qos-Parameter "police-class-excess-burst cls-Inet 250000" seq 110 attribute Dynamic-Qos-Parameter "meter-class-rate cls-Local rate-absolute 50000" seq 120 attribute Dynamic-Qos-Parameter "meter-class-burst cls-Local 6250000" seq 130 attribute Dynamic-Qos-Parameter "meter-class-excess-burst cls-Local 125000000" seq 140 attribute Dynamic-Qos-Parameter "police-class-rate cls-Local rate-absolute 50000" seq 150 attribute Dynamic-Qos-Parameter "police-class-burst cls-Local 6250000" seq 160 attribute Dynamic-Qos-Parameter "police-class-excess-burst cls-Local 125000000" seq 170 attribute Service-Interim-Accounting 900 ! radius service profile service2048 accounting in qos "cls-Local cls-Inet" accounting out qos "cls-Local cls-Inet" seq 10 attribute Dynamic-Policy-Filter "ip in forward class cls-Inet qos" seq 20 attribute Dynamic-Policy-Filter "ip out forward class cls-Inet qos" seq 30 attribute Dynamic-Policy-Filter "ip in forward class cls-Local qos" seq 40 attribute Dynamic-Policy-Filter "ip out forward class cls-Local qos" seq 50 attribute Dynamic-Qos-Parameter "meter-class-rate cls-Inet rate-absolute 2000" seq 60 attribute Dynamic-Qos-Parameter "meter-class-burst cls-Inet 250000" seq 70 attribute Dynamic-Qos-Parameter "meter-class-excess-burst cls-Inet 500000" seq 80 attribute Dynamic-Qos-Parameter "police-class-rate cls-Inet rate-absolute 2000" seq 90 attribute Dynamic-Qos-Parameter "police-class-burst cls-Inet 250000" seq 100 attribute Dynamic-Qos-Parameter "police-class-excess-burst cls-Inet 500000" seq 110 attribute Dynamic-Qos-Parameter "meter-class-rate cls-Local rate-absolute 50000" seq 120 attribute Dynamic-Qos-Parameter "meter-class-burst cls-Local 6250000" seq 130 attribute Dynamic-Qos-Parameter "meter-class-excess-burst cls-Local 125000000" seq 140 attribute Dynamic-Qos-Parameter "police-class-rate cls-Local rate-absolute 50000" seq 150 attribute Dynamic-Qos-Parameter "police-class-burst cls-Local 6250000" seq 160 attribute Dynamic-Qos-Parameter "police-class-excess-burst cls-Local 125000000" seq 170 attribute Service-Interim-Accounting 1200 ! radius service profile service3072 accounting in qos "cls-Local cls-Inet" accounting out qos "cls-Local cls-Inet" seq 10 attribute Dynamic-Policy-Filter "ip in forward class cls-Inet qos" seq 20 attribute Dynamic-Policy-Filter "ip out forward class cls-Inet qos" seq 30 attribute Dynamic-Policy-Filter "ip in forward class cls-Local qos" seq 40 attribute Dynamic-Policy-Filter "ip out forward class cls-Local qos" seq 50 attribute Dynamic-Qos-Parameter "meter-class-rate cls-Inet rate-absolute 3000" seq 60 attribute Dynamic-Qos-Parameter "meter-class-burst cls-Inet 375000" seq 70 attribute Dynamic-Qos-Parameter "meter-class-excess-burst cls-Inet 750000" seq 80 attribute Dynamic-Qos-Parameter "police-class-rate cls-Inet rate-absolute 3000" seq 90 attribute Dynamic-Qos-Parameter "police-class-burst cls-Inet 375000" seq 100 attribute Dynamic-Qos-Parameter "police-class-excess-burst cls-Inet 750000" seq 110 attribute Dynamic-Qos-Parameter "meter-class-rate cls-Local rate-absolute 50000" seq 120 attribute Dynamic-Qos-Parameter "meter-class-burst cls-Local 6250000" seq 130 attribute Dynamic-Qos-Parameter "meter-class-excess-burst cls-Local 125000000" seq 140 attribute Dynamic-Qos-Parameter "police-class-rate cls-Local rate-absolute 50000" seq 150 attribute Dynamic-Qos-Parameter "police-class-burst cls-Local 6250000" seq 160 attribute Dynamic-Qos-Parameter "police-class-excess-burst cls-Local 125000000" seq 170 attribute Service-Interim-Accounting 1200 ! radius service profile service4096 accounting in qos "cls-Local cls-Inet" accounting out qos "cls-Local cls-Inet" seq 10 attribute Dynamic-Policy-Filter "ip in forward class cls-Inet qos" seq 20 attribute Dynamic-Policy-Filter "ip out forward class cls-Inet qos" seq 30 attribute Dynamic-Policy-Filter "ip in forward class cls-Local qos" seq 40 attribute Dynamic-Policy-Filter "ip out forward class cls-Local qos" seq 50 attribute Dynamic-Qos-Parameter "meter-class-rate cls-Inet rate-absolute 4000" seq 60 attribute Dynamic-Qos-Parameter "meter-class-burst cls-Inet 500000" seq 70 attribute Dynamic-Qos-Parameter "meter-class-excess-burst cls-Inet 1000000" seq 80 attribute Dynamic-Qos-Parameter "police-class-rate cls-Inet rate-absolute 4000" seq 90 attribute Dynamic-Qos-Parameter "police-class-burst cls-Inet 500000" seq 100 attribute Dynamic-Qos-Parameter "police-class-excess-burst cls-Inet 1000000" seq 110 attribute Dynamic-Qos-Parameter "meter-class-rate cls-Local rate-absolute 50000" seq 120 attribute Dynamic-Qos-Parameter "meter-class-burst cls-Local 6250000" seq 130 attribute Dynamic-Qos-Parameter "meter-class-excess-burst cls-Local 125000000" seq 140 attribute Dynamic-Qos-Parameter "police-class-rate cls-Local rate-absolute 50000" seq 150 attribute Dynamic-Qos-Parameter "police-class-burst cls-Local 6250000" seq 160 attribute Dynamic-Qos-Parameter "police-class-excess-burst cls-Local 125000000" seq 170 attribute Service-Interim-Accounting 1200 ! radius service profile service512 parameter value Rate-Inet 500 parameter value Burst-Inet 62500 parameter value ExBurst-Inet 125000 parameter value Rate-Local 50000 parameter value Burst-Local 6250000 parameter value ExBurst-Local 125000000 accounting in qos "cls-Local cls-Inet" accounting out qos "cls-Local cls-Inet" seq 10 attribute Dynamic-Policy-Filter "ip in forward class cls-Inet qos" seq 20 attribute Dynamic-Policy-Filter "ip out forward class cls-Inet qos" seq 30 attribute Dynamic-Policy-Filter "ip in forward class cls-Local qos" seq 40 attribute Dynamic-Policy-Filter "ip out forward class cls-Local qos" seq 50 attribute Dynamic-Qos-Parameter "meter-class-rate cls-Inet rate-absolute $Rate-Inet" seq 60 attribute Dynamic-Qos-Parameter "meter-class-burst cls-Inet $Burst-Inet" seq 70 attribute Dynamic-Qos-Parameter "meter-class-excess-burst cls-Inet $ExBurst-Inet" seq 80 attribute Dynamic-Qos-Parameter "police-class-rate cls-Inet rate-absolute $Rate-Inet" seq 90 attribute Dynamic-Qos-Parameter "police-class-burst cls-Inet $Burst-Inet" seq 100 attribute Dynamic-Qos-Parameter "police-class-excess-burst cls-Inet $ExBurst-Inet" seq 110 attribute Dynamic-Qos-Parameter "meter-class-rate cls-Local rate-absolute $Rate-Local" seq 120 attribute Dynamic-Qos-Parameter "meter-class-burst cls-Local $Burst-Local" seq 130 attribute Dynamic-Qos-Parameter "meter-class-excess-burst cls-Local $ExBurst-Local" seq 140 attribute Dynamic-Qos-Parameter "police-class-rate cls-Local rate-absolute $Rate-Local" seq 150 attribute Dynamic-Qos-Parameter "police-class-burst cls-Local $Burst-Local" seq 160 attribute Dynamic-Qos-Parameter "police-class-excess-burst cls-Local $ExBurst-Local" seq 170 attribute Service-Interim-Accounting 1200
Настройка ACP (event_inc.sh)
selfkiller -30:TERM -50:KILL & disown -a LOG_LEVEL=ALL SENDER=$1; shift EVENT=$1; shift DATA=$@ for VAR in $DATA; do [[ "$VAR" = *"="* ]] && eval ${VAR%%=*}=\'${VAR#*=}\' done LOG INFO "$SENDER $EVENT $DATA" { case "$EVENT" in "balance_negative") LOG INFO "event type: $EVENT $DATA" echo "Acct-Session-Id=\"$acct_session_id\",HTTP-Redirect-Profile-Name=\"NOAUTH\",Forward-Policy=\"in:NOAUTH-IPOE\"" | radclient -x $nas_ip:1700 coa redback ;; "balance_positive") LOG INFO "event type: $EVENT $DATA" echo "Acct-Session-Id=\"$acct_session_id\",Forward-Policy = \"in:\"" | radclient -x $nas_ip:1700 coa redback ;; "login") LOG INFO "event type: $EVENT $DATA" [ "$over_limit" = 1 ] && echo "Acct-Session-Id=\"$acct_session_id\",HTTP-Redirect-Profile-Name=\"NOAUTH\",Forward-Policy=\"in:NOAUTH-IPOE\"" | radclient -x $nas_ip:1700 coa redback [ "$over_limit" = 0 ] && echo "Acct-Session-Id=\"$acct_session_id\",Forward-Policy = \"in:\"" | radclient -x $nas_ip:1700 coa redback ;; "logout") LOG INFO "event type: $EVENT $DATA" echo "Acct-Session-Id=\"$acct_session_id\",HTTP-Redirect-Profile-Name=\"NOAUTH\",Forward-Policy=\"in:NOAUTH-IPOE\"" | radclient -x $nas_ip:1700 coa redback [ "$deleted" = 1 ] && echo "Acct-Session-Id=\"$acct_session_id\"" | radclient -x $nas_ip:1700 disconnect redback ;; "rate_set") LOG INFO "event type: $EVENT $DATA" echo "Acct-Session-Id=\"$acct_session_id\",Deactivate-Service-Name=\"service$ceil_in\"" | radclient -x $nas_ip:1700 coa redback; echo "Acct-Session-Id=\"$acct_session_id\",Service-Name=\"service$ceil_in\",Service-Action=\"0\"" | radclient -x $nas_ip:1700 coa redback; [ "$over_limit" = 1 ] && echo "Acct-Session-Id=\"$acct_session_id\",HTTP-Redirect-Profile-Name=\"NOAUTH\",Forward-Policy=\"in:NOAUTH-IPOE\"" | radclient -x $nas_ip:1700 coa redback ;; "period_closed") LOG INFO "event type: $EVENT $DATA" ;; "try_double_login") LOG INFO "event type: $EVENT $DATA" echo "Acct-Session-Id=\"$acct_session_id\"" | radclient -x $nas_ip:1700 disconnect redback ;; "user_data_changed") LOG INFO "event type: $EVENT $DATA" [ "$over_limit" = 1 ] && echo "Acct-Session-Id=\"$acct_session_id\",HTTP-Redirect-Profile-Name=\"NOAUTH\",Forward-Policy=\"in:NOAUTH-IPOE\"" | radclient -x $nas_ip:1700 coa redback [ "$over_limit" = 0 ] && echo "Acct-Session-Id=\"$acct_session_id\",Forward-Policy = \"in:\"" | radclient -x $nas_ip:1700 coa redback [ "$deleted" = 1 ] && echo "Acct-Session-Id=\"$acct_session_id\"" | radclient -x $nas_ip:1700 disconnect redback ;; "user_del") LOG INFO "event type: $EVENT $DATA" [ "$deleted" = 1 ] && echo "Acct-Session-Id=\"$acct_session_id\"" | radclient -x $nas_ip:1700 disconnect redback ;; *) : ;; esac }
Пример тарифа
Настройка RADIUS-атрибутов тарифа
Настройка отправки Netflow-потоков на АСР
Необходимо настроить на redback отправку netflow потоков на IP-адрес Ideco ACP, порт 9996 (по умолчанию).
