
Тем, кто настраивает данное оборудование впервые, будет полезно прочитать этот конфигурационный файл полностью. Пароли, хеши и ключи RADIUS в примере скрыты звёздочками — подставьте собственные значения.

Для более опытных специалистов нужная информация (создание сервисов) выделена курсивом.

h2. Настройка оборудования



{panel}
\! Global services: enable multiple contexts and routing between them.
\! This listing defines two contexts, local and arm.
service multiple-contexts
service inter-context routing
\!
\! Flow admission control profile heavy-user: at most 100 flows per circuit,
\! with a sustained creation rate of 10 and a burst of 20 (units are not stated here).
\! It is attached to subscribers by the flow apply admission-control line in subscriber default.
flow admission-control profile heavy-user
max-flows-per-circuit 100
sustained-creation-rate 10
burst-creation-rate 20
\!
\! Flow profile p1: timeouts and cache size for flow records.
\! It is referenced by subscriber default and by flow collector ideco.
flow ip profile p1
active-timeout 1000
inactive-timeout 10
aggregation-cache-size 8192
\!
\! Context local: uplink interface GNC, management VLAN 150 and colocation VLAN 99.
context local
\!
no ip domain-lookup
\!
\! GNC sits on the same /30 as BGP neighbor 192.168.97.165 configured further down.
interface GNC
ip address 192.168.97.166/30
\!
\! Management VLAN: inbound traffic is filtered by acl-for-v150-relays-only.
interface vlan150-upravlenie
ip address 172.16.10.1/24
ip access-group acl-for-v150-relays-only in
\!
\! NOTE(review): no access-group is bound to vlan99-colocation in this listing; confirm that is intended.
interface vlan99-colocation
ip address 172.16.5.1/24
logging console
\!
\! Permits only sources in 172.16.10.0/24 and the single host 10.64.0.178.
\! Presumably everything else is dropped by an implicit deny; verify on your software release.
ip access-list acl-for-v150-relays-only
seq 10 permit ip 172.16.10.0 0.0.0.255
seq 20 permit ip host 10.64.0.178
\!
\! admin-access permits SSH from any source and denies telnet.
\! NOTE(review): nothing in this listing binds admin-access to an interface or service,
\! so as shown it has no visible effect; confirm where it is applied and consider
\! limiting SSH to the management prefixes instead of any.
ip access-list admin-access
seq 10 permit tcp any any eq ssh
seq 20 deny tcp any any eq telnet
\!
\! Outbound BGP filter: only the aggregate 10.128.72.0/21 may be announced.
ip prefix-list MyBGPAllOut
description Filter BGP Out My Networks
seq 10 permit 10.128.72.0/21
\!
\! BGP process: static routes are redistributed, but the outbound prefix-list on the
\! neighbor restricts announcements to the /21 aggregate.
\! NOTE(review): no inbound filter and no session authentication for neighbor
\! 192.168.97.165 appear in this listing; confirm whether they are configured elsewhere.
router bgp 12345
router-id 192.168.97.166
address-family ipv4 unicast
redistribute static
aggregate-address 10.128.72.0/21
network 10.128.72.0/21
\!
neighbor 192.168.97.165 external
remote-as 54321
address-family ipv4 unicast
prefix-list MyBGPAllOut out
\!
\! Privileged-mode secret and administrator accounts for context local.
\! The hash, the first administrator name and both password hashes were masked by the author.
\! NOTE(review): the $1$ prefix looks like an MD5-crypt style hash; confirm, and treat any
\! exported configuration that contains real hashes as a secret.
enable encrypted 1 $1$........$here was a hash
\!
\! Administrators are authenticated against the local database, up to 12 concurrent sessions.
aaa authentication administrator local
aaa authentication administrator maximum sessions 12
\!
administrator \*\**\**\*\* encrypted *\**\********************.
administrator ro encrypted \*******************\*
\!
\! Static routes of context local: default route via the BGP neighbor, several prefixes
\! handed to context arm, and tagged routes via 172.16.5.5 and 172.16.172.16.
\! The null0 route for 10.128.72.0/21 with distance 200 keeps the aggregate present in the
\! routing table so that the BGP network statement can announce it.
\! The last line turns the telnet server off.
ip route 0.0.0.0/0 192.168.97.165
ip route 4.4.4.4/32 context arm
ip route 10.64.10.0/30 context arm
ip route 10.64.0.96/29 172.16.5.5 connected tag 101
ip route 10.64.0.160/28 172.16.172.16 connected tag 200
ip route 10.64.0.176/29 172.16.5.5 connected tag 199
ip route 10.64.0.184/29 context arm
ip route 10.128.72.0/26 172.16.5.5 connected tag 101
ip route 10.128.72.0/21 null0 distance 200
no service telnet server
\!
\! Context arm: subscriber-facing context with a multibind client interface,
\! a loopback and a point-to-point interface towards the L3 relay.
context arm
\!
no ip domain-lookup
\!
\! Client interface for 10.64.0.184/29 with DHCP proxy enabled.
interface clients_10.64.0.184/29 multibind
ip address 10.64.0.190/29
dhcp proxy 254
\!
interface loop0 loopback
ip address 4.4.4.4/32
\!
\! Relay-facing interface: inbound traffic is filtered by acl-for-l3-relays-only.
\! The ip source-address line presumably makes RADIUS, DHCP server and flow export
\! traffic use this interface address as source; verify against the vendor documentation.
interface to-L3-Relay-001 p2p
ip address 10.64.192.168/30
ip source-address radius dhcp-server flow-ip
ip access-group acl-for-l3-relays-only in
no logging console
\!
\! Permitted sources: 10.64.0.160/28, hosts 10.64.0.178 and 10.64.0.185, and 172.16.0.0/16.
\! Presumably everything else is dropped by an implicit deny; verify on your software release.
ip access-list acl-for-l3-relays-only
seq 10 permit ip 10.64.0.160 0.0.0.15
seq 20 permit ip host 10.64.0.178
seq 30 permit ip host 10.64.0.185
seq 40 permit ip 172.16.0.0 0.0.255.255
\!
\! Classifier used by forward policy NOAUTH-IPOE: traffic to the listed hosts is classed
\! CLS-NORMAL, any other web traffic CLS-REDIRECT, and all remaining traffic CLS-DROP.
\! NOTE(review): seq 10 and 20 permit all IP to 8.8.8.8 and 8.8.4.4, not only DNS on port 53;
\! narrowing them would leave less open to subscribers who match this policy.
\! NOTE(review): seq 30 and 31 match TCP ports 67 and 68, while DHCP normally runs over UDP
\! on those ports; confirm these entries match the intended traffic.
policy access-list HTTP-REDIRECT
seq 10 permit ip any host 8.8.8.8 class CLS-NORMAL
seq 20 permit ip any host 8.8.4.4 class CLS-NORMAL
seq 30 permit tcp any host 10.64.0.98 eq 67 class CLS-NORMAL
seq 31 permit tcp any host 10.64.0.98 eq 68 class CLS-NORMAL
seq 35 permit tcp any host 15.16.17.18 eq www class CLS-NORMAL
seq 40 permit tcp any any eq www class CLS-REDIRECT
seq 50 permit ip any any class CLS-DROP
\!
\! Inbound classifier for the QoS policing policy: destinations in 172.16.5.0/24 and
\! 10.64.0.184/29 are cls-Local, everything else is cls-Inet.
policy access-list acl-classess-in
seq 10 permit ip any 172.16.5.0 0.0.0.255 class cls-Local
seq 20 permit ip any 10.64.0.184 0.0.0.7 class cls-Local
seq 30 permit ip any any class cls-Inet
\!
\! Outbound classifier for the QoS metering policy: the same two prefixes matched as sources.
policy access-list acl-classess-out
seq 10 permit ip 172.16.5.0 0.0.0.255 any class cls-Local
seq 20 permit ip 10.64.0.184 0.0.0.7 any class cls-Local
seq 30 permit ip any any class cls-Inet
\!
\! Redirect target for the NOAUTH profile. NOTE(review): the URL is plain HTTP, so whatever
\! the subscriber exchanges with that page is not protected in transit.
http-redirect profile NOAUTH
url "http://vpn.mydomain.ru"
\!
\! AAA for context arm: administrators use the local database with a single session,
\! subscribers are authenticated and accounted through RADIUS.
aaa authentication administrator local
aaa authentication administrator maximum sessions 1
aaa authentication subscriber radius
aaa accounting subscriber radius
aaa update subscriber 10
aaa accounting event dhcp
aaa accounting suppress-acct-on-fail
\! Accounting and CoA both use host 10.64.0.98; the shared keys were masked by the author.
\! NOTE(review): CoA on port 1700 lets that server change live subscriber sessions, so make
\! sure only the RADIUS host can reach it and that each key is long and unique.
radius accounting server 10.64.0.98 encrypted-key \****************\*
radius coa server 10.64.0.98 encrypted-key \*************\* port 1700
\!
\! Authentication server and the attribute formats sent to it. The NAS IP address is taken
\! from interface to-L3-Relay-001 and the NAS identifier is the fixed string Redback.
radius server 10.64.0.98 encrypted-key \****************\*
radius attribute nas-ip-address interface to-L3-Relay-001
radius attribute calling-station-id format agent-circuit-id agent-remote-id non-ascii
radius attribute calling-station-id separator #
radius attribute nas-port format session-info
radius attribute nas-identifier Redback
\!
\! Defaults for every subscriber: QoS policies default-in and default-out, one DHCP address
\! per subscriber, the heavy-user flow limits in both directions and flow profile p1.
subscriber default
qos policy policing default-in
qos policy metering default-out
dhcp max-addrs 1
flow apply admission-control profile heavy-user bidirectional
flow apply ip profile p1 both
\!
*\! Service profile RSE-BASED-INET-LOCAL: the six parameter values below are defaults that*
*\! are substituted into the $Rate, $Burst and $ExBurst references of the QoS attributes.*
*\! Traffic classes cls-Inet and cls-Local are forwarded, accounted, metered and policed.*
*\! Units of the rate and burst values are not stated in this listing.*
*radius service profile RSE-BASED-INET-LOCAL*
*parameter value Rate-Inet 1000*
*parameter value Burst-Inet 125000*
*parameter value ExBurst-Inet 250000*
*parameter value Rate-Local 1000*
*parameter value Burst-Local 125000*
*parameter value ExBurst-Local 250000*
*accounting in qos "cls-Local cls-Inet"*
*accounting out qos "cls-Local cls-Inet"*
*seq 10 attribute Dynamic-Policy-Filter "ip in forward class cls-Inet qos"*
*seq 20 attribute Dynamic-Policy-Filter "ip out forward class cls-Inet qos"*
*seq 30 attribute Dynamic-Policy-Filter "ip in forward class cls-Local qos"*
*seq 40 attribute Dynamic-Policy-Filter "ip out forward class cls-Local qos"*
*seq 50 attribute Dynamic-Qos-Parameter "meter-class-rate cls-Inet rate-absolute $Rate-Inet"*
*seq 60 attribute Dynamic-Qos-Parameter "meter-class-burst cls-Inet $Burst-Inet"*
*seq 70 attribute Dynamic-Qos-Parameter "meter-class-excess-burst cls-Inet $ExBurst-Inet"*
*seq 80 attribute Dynamic-Qos-Parameter "police-class-rate cls-Inet rate-absolute $Rate-Inet"*
*seq 90 attribute Dynamic-Qos-Parameter "police-class-burst cls-Inet $Burst-Inet"*
*seq 100 attribute Dynamic-Qos-Parameter "police-class-excess-burst cls-Inet $ExBurst-Inet"*
*seq 110 attribute Dynamic-Qos-Parameter "meter-class-rate cls-Local rate-absolute $Rate-Local"*
*seq 120 attribute Dynamic-Qos-Parameter "meter-class-burst cls-Local $Burst-Local"*
*seq 130 attribute Dynamic-Qos-Parameter "meter-class-excess-burst cls-Local $ExBurst-Local"*
*seq 140 attribute Dynamic-Qos-Parameter "police-class-rate cls-Local rate-absolute $Rate-Local"*
*seq 150 attribute Dynamic-Qos-Parameter "police-class-burst cls-Local $Burst-Local"*
*seq 160 attribute Dynamic-Qos-Parameter "police-class-excess-burst cls-Local $ExBurst-Local"*
*seq 170 attribute Service-Interim-Accounting 1200*
*\!*
*\! Service profile service1024: fixed values, cls-Inet rate 1000 and cls-Local rate 50000,*
*\! written directly into the metering and policing attributes.*
*\! NOTE(review): interim accounting is 900 here but 1200 in the other profiles; confirm that is intended.*
*radius service profile service1024*
*accounting in qos "cls-Local cls-Inet"*
*accounting out qos "cls-Local cls-Inet"*
*seq 10 attribute Dynamic-Policy-Filter "ip in forward class cls-Inet qos"*
*seq 20 attribute Dynamic-Policy-Filter "ip out forward class cls-Inet qos"*
*seq 30 attribute Dynamic-Policy-Filter "ip in forward class cls-Local qos"*
*seq 40 attribute Dynamic-Policy-Filter "ip out forward class cls-Local qos"*
*seq 50 attribute Dynamic-Qos-Parameter "meter-class-rate cls-Inet rate-absolute 1000"*
*seq 60 attribute Dynamic-Qos-Parameter "meter-class-burst cls-Inet 125000"*
*seq 70 attribute Dynamic-Qos-Parameter "meter-class-excess-burst cls-Inet 250000"*
*seq 80 attribute Dynamic-Qos-Parameter "police-class-rate cls-Inet rate-absolute 1000"*
*seq 90 attribute Dynamic-Qos-Parameter "police-class-burst cls-Inet 125000"*
*seq 100 attribute Dynamic-Qos-Parameter "police-class-excess-burst cls-Inet 250000"*
*seq 110 attribute Dynamic-Qos-Parameter "meter-class-rate cls-Local rate-absolute 50000"*
*seq 120 attribute Dynamic-Qos-Parameter "meter-class-burst cls-Local 6250000"*
*seq 130 attribute Dynamic-Qos-Parameter "meter-class-excess-burst cls-Local 125000000"*
*seq 140 attribute Dynamic-Qos-Parameter "police-class-rate cls-Local rate-absolute 50000"*
*seq 150 attribute Dynamic-Qos-Parameter "police-class-burst cls-Local 6250000"*
*seq 160 attribute Dynamic-Qos-Parameter "police-class-excess-burst cls-Local 125000000"*
*seq 170 attribute Service-Interim-Accounting 900*
*\!*
*\! Service profile service2048: fixed values, cls-Inet rate 2000 and cls-Local rate 50000.*
*\! Same structure as service1024; only the cls-Inet rate and burst values differ.*
*radius service profile service2048*
*accounting in qos "cls-Local cls-Inet"*
*accounting out qos "cls-Local cls-Inet"*
*seq 10 attribute Dynamic-Policy-Filter "ip in forward class cls-Inet qos"*
*seq 20 attribute Dynamic-Policy-Filter "ip out forward class cls-Inet qos"*
*seq 30 attribute Dynamic-Policy-Filter "ip in forward class cls-Local qos"*
*seq 40 attribute Dynamic-Policy-Filter "ip out forward class cls-Local qos"*
*seq 50 attribute Dynamic-Qos-Parameter "meter-class-rate cls-Inet rate-absolute 2000"*
*seq 60 attribute Dynamic-Qos-Parameter "meter-class-burst cls-Inet 250000"*
*seq 70 attribute Dynamic-Qos-Parameter "meter-class-excess-burst cls-Inet 500000"*
*seq 80 attribute Dynamic-Qos-Parameter "police-class-rate cls-Inet rate-absolute 2000"*
*seq 90 attribute Dynamic-Qos-Parameter "police-class-burst cls-Inet 250000"*
*seq 100 attribute Dynamic-Qos-Parameter "police-class-excess-burst cls-Inet 500000"*
*seq 110 attribute Dynamic-Qos-Parameter "meter-class-rate cls-Local rate-absolute 50000"*
*seq 120 attribute Dynamic-Qos-Parameter "meter-class-burst cls-Local 6250000"*
*seq 130 attribute Dynamic-Qos-Parameter "meter-class-excess-burst cls-Local 125000000"*
*seq 140 attribute Dynamic-Qos-Parameter "police-class-rate cls-Local rate-absolute 50000"*
*seq 150 attribute Dynamic-Qos-Parameter "police-class-burst cls-Local 6250000"*
*seq 160 attribute Dynamic-Qos-Parameter "police-class-excess-burst cls-Local 125000000"*
*seq 170 attribute Service-Interim-Accounting 1200*
*\!*
*\! Service profile service3072: fixed values, cls-Inet rate 3000 and cls-Local rate 50000.*
*\! Same structure as service1024; only the cls-Inet rate and burst values differ.*
*radius service profile service3072*
*accounting in qos "cls-Local cls-Inet"*
*accounting out qos "cls-Local cls-Inet"*
*seq 10 attribute Dynamic-Policy-Filter "ip in forward class cls-Inet qos"*
*seq 20 attribute Dynamic-Policy-Filter "ip out forward class cls-Inet qos"*
*seq 30 attribute Dynamic-Policy-Filter "ip in forward class cls-Local qos"*
*seq 40 attribute Dynamic-Policy-Filter "ip out forward class cls-Local qos"*
*seq 50 attribute Dynamic-Qos-Parameter "meter-class-rate cls-Inet rate-absolute 3000"*
*seq 60 attribute Dynamic-Qos-Parameter "meter-class-burst cls-Inet 375000"*
*seq 70 attribute Dynamic-Qos-Parameter "meter-class-excess-burst cls-Inet 750000"*
*seq 80 attribute Dynamic-Qos-Parameter "police-class-rate cls-Inet rate-absolute 3000"*
*seq 90 attribute Dynamic-Qos-Parameter "police-class-burst cls-Inet 375000"*
*seq 100 attribute Dynamic-Qos-Parameter "police-class-excess-burst cls-Inet 750000"*
*seq 110 attribute Dynamic-Qos-Parameter "meter-class-rate cls-Local rate-absolute 50000"*
*seq 120 attribute Dynamic-Qos-Parameter "meter-class-burst cls-Local 6250000"*
*seq 130 attribute Dynamic-Qos-Parameter "meter-class-excess-burst cls-Local 125000000"*
*seq 140 attribute Dynamic-Qos-Parameter "police-class-rate cls-Local rate-absolute 50000"*
*seq 150 attribute Dynamic-Qos-Parameter "police-class-burst cls-Local 6250000"*
*seq 160 attribute Dynamic-Qos-Parameter "police-class-excess-burst cls-Local 125000000"*
*seq 170 attribute Service-Interim-Accounting 1200*
*\!*
*\! Service profile service4096: fixed values, cls-Inet rate 4000 and cls-Local rate 50000.*
*\! Same structure as service1024; only the cls-Inet rate and burst values differ.*
*radius service profile service4096*
*accounting in qos "cls-Local cls-Inet"*
*accounting out qos "cls-Local cls-Inet"*
*seq 10 attribute Dynamic-Policy-Filter "ip in forward class cls-Inet qos"*
*seq 20 attribute Dynamic-Policy-Filter "ip out forward class cls-Inet qos"*
*seq 30 attribute Dynamic-Policy-Filter "ip in forward class cls-Local qos"*
*seq 40 attribute Dynamic-Policy-Filter "ip out forward class cls-Local qos"*
*seq 50 attribute Dynamic-Qos-Parameter "meter-class-rate cls-Inet rate-absolute 4000"*
*seq 60 attribute Dynamic-Qos-Parameter "meter-class-burst cls-Inet 500000"*
*seq 70 attribute Dynamic-Qos-Parameter "meter-class-excess-burst cls-Inet 1000000"*
*seq 80 attribute Dynamic-Qos-Parameter "police-class-rate cls-Inet rate-absolute 4000"*
*seq 90 attribute Dynamic-Qos-Parameter "police-class-burst cls-Inet 500000"*
*seq 100 attribute Dynamic-Qos-Parameter "police-class-excess-burst cls-Inet 1000000"*
*seq 110 attribute Dynamic-Qos-Parameter "meter-class-rate cls-Local rate-absolute 50000"*
*seq 120 attribute Dynamic-Qos-Parameter "meter-class-burst cls-Local 6250000"*
*seq 130 attribute Dynamic-Qos-Parameter "meter-class-excess-burst cls-Local 125000000"*
*seq 140 attribute Dynamic-Qos-Parameter "police-class-rate cls-Local rate-absolute 50000"*
*seq 150 attribute Dynamic-Qos-Parameter "police-class-burst cls-Local 6250000"*
*seq 160 attribute Dynamic-Qos-Parameter "police-class-excess-burst cls-Local 125000000"*
*seq 170 attribute Service-Interim-Accounting 1200*
*\!*
*\! Service profile service512: parameterised like RSE-BASED-INET-LOCAL, with defaults of*
*\! 500 for the cls-Inet rate and 50000 for the cls-Local rate. The parameter values are*
*\! substituted into the $Rate, $Burst and $ExBurst references of the QoS attributes.*
*radius service profile service512*
*parameter value Rate-Inet 500*
*parameter value Burst-Inet 62500*
*parameter value ExBurst-Inet 125000*
*parameter value Rate-Local 50000*
*parameter value Burst-Local 6250000*
*parameter value ExBurst-Local 125000000*
*accounting in qos "cls-Local cls-Inet"*
*accounting out qos "cls-Local cls-Inet"*
*seq 10 attribute Dynamic-Policy-Filter "ip in forward class cls-Inet qos"*
*seq 20 attribute Dynamic-Policy-Filter "ip out forward class cls-Inet qos"*
*seq 30 attribute Dynamic-Policy-Filter "ip in forward class cls-Local qos"*
*seq 40 attribute Dynamic-Policy-Filter "ip out forward class cls-Local qos"*
*seq 50 attribute Dynamic-Qos-Parameter "meter-class-rate cls-Inet rate-absolute $Rate-Inet"*
*seq 60 attribute Dynamic-Qos-Parameter "meter-class-burst cls-Inet $Burst-Inet"*
*seq 70 attribute Dynamic-Qos-Parameter "meter-class-excess-burst cls-Inet $ExBurst-Inet"*
*seq 80 attribute Dynamic-Qos-Parameter "police-class-rate cls-Inet rate-absolute $Rate-Inet"*
*seq 90 attribute Dynamic-Qos-Parameter "police-class-burst cls-Inet $Burst-Inet"*
*seq 100 attribute Dynamic-Qos-Parameter "police-class-excess-burst cls-Inet $ExBurst-Inet"*
*seq 110 attribute Dynamic-Qos-Parameter "meter-class-rate cls-Local rate-absolute $Rate-Local"*
*seq 120 attribute Dynamic-Qos-Parameter "meter-class-burst cls-Local $Burst-Local"*
*seq 130 attribute Dynamic-Qos-Parameter "meter-class-excess-burst cls-Local $ExBurst-Local"*
*seq 140 attribute Dynamic-Qos-Parameter "police-class-rate cls-Local rate-absolute $Rate-Local"*
*seq 150 attribute Dynamic-Qos-Parameter "police-class-burst cls-Local $Burst-Local"*
*seq 160 attribute Dynamic-Qos-Parameter "police-class-excess-burst cls-Local $ExBurst-Local"*
*seq 170 attribute Service-Interim-Accounting 1200*
\!
\! Static routes of context arm: the default route is handed to context local.
ip route 0.0.0.0/0 context local
ip route 10.64.0.96/29 172.16.5.5 connected tag 101
ip route 10.64.0.184/29 10.64.10.1 connected tag 777
\!
\! DHCP requests are relayed to 10.64.0.98, the same host used as RADIUS server above.
dhcp relay option
dhcp relay server 10.64.0.98
\!
\! Flow records built with profile p1 are exported in version 5 format to 10.64.0.98 port 9996.
\! NOTE(review): the export carries per-subscriber traffic metadata; keep the path to the
\! collector inside a trusted network segment.
flow collector ideco
ip-address 10.64.0.98 context arm
port 9996
export-version v5
ip profile p1
\!
logging tdm console
logging active
logging standby short
\!
\! Forward policy NOAUTH-IPOE, driven by the HTTP-REDIRECT classifier from context arm:
\! CLS-NORMAL has no action listed, CLS-REDIRECT is redirected to the local
\! redirect server and CLS-DROP is dropped.
\! NOTE(review): this listing does not show where NOAUTH-IPOE is applied; confirm it is
\! attached to unauthenticated subscribers as the name suggests.
forward policy NOAUTH-IPOE
access-group HTTP-REDIRECT arm
class CLS-NORMAL
class CLS-REDIRECT
redirect destination local
class CLS-DROP
drop
\!
\! Default inbound policing policy. The radius-guided keyword indicates that the per-class
\! rates here are defaults which the RADIUS service profiles above can replace.
qos policy default-in policing radius-guided
access-group acl-classess-in arm
class cls-Local
rate 2000 burst 25000 excess-burst 500000
class cls-Inet
rate 2000 burst 25000 excess-burst 500000
rate-calculation exclude layer-2-overhead
\!
\! Default outbound metering policy, the counterpart of default-in.
qos policy default-out metering radius-guided
access-group acl-classess-out arm
class cls-Local
rate 2000 burst 25000 excess-burst 500000
class cls-Inet
rate 2000 burst 25000 excess-burst 500000
rate-calculation exclude layer-2-overhead
\!
\! SNMP agent with one community bound to a view that includes the whole internet subtree.
\! NOTE(review): public is the widely known default community name and community strings
\! travel in clear text. Replace it with a unique value, narrow the view and the set of
\! permitted management hosts, and prefer SNMPv3 if your software release supports it.
snmp server
traps ifmib encaps
traps ifmib ip
snmp engine-id local 10:10:10:10:10
snmp view Inet-View internet included
snmp community public view Inet-View
\!
system clock timezone MSK 0 0
\!
\! Local HTTP redirect server on port 80, the target of redirect destination local above.
http-redirect server
port 80
\!
\! Hardware and port bindings. Card 2 carries two 2-port GE modules.
card carrier 2
mic 1 ge-2-port
mic 2 ge-2-port
\!
\! Port 2/1 is an 802.1Q trunk: VLAN 150 goes to the management interface in context local,
\! VLAN 177 goes to the relay interface in context arm and starts DHCP-triggered CLIPS sessions there.
\! NOTE(review): management and subscriber traffic share this physical port; check that the
\! attached switch does not let subscriber-side ports reach VLAN 150.
port ethernet 2/1
no auto-negotiate
no shutdown
encapsulation dot1q
dot1q pvc 150
bind interface vlan150-upravlenie local
dot1q pvc 177
bind interface to-L3-Relay-001 arm
service clips dhcp context arm
\!
\! Port 2/2 is the untagged uplink bound to interface GNC, fixed at speed 100 on copper.
port ethernet 2/2
no auto-negotiate
speed 100
no shutdown
medium-type copper
bind interface GNC local
\!
\! Port 2/15 carries VLAN 99 to the colocation interface in context local.
port ethernet 2/15
no auto-negotiate
no shutdown
encapsulation dot1q
dot1q pvc 99
bind interface vlan99-colocation local
\!
\! Boot-time settings: the startup configuration file and system recovery options.
boot configuration tmplt1.cfg
no service console-break
service crash-dump-dram
no service auto-system-recovery
\!
end
{panel}
h2. Настройка ACP

[Пример event_inc.sh для работы с redback|http://asrdoc.ideco.ru/display/asrdocnew/Redback]

h2. Пример тарифа

\#TODO