The integration consists of the following steps:
# Configure services / policies / profiles on the equipment
# Configure the event_inc.sh script on Ideco ACP to forward the required commands
# Create and configure RADIUS attributes in the users' tariffs
h2. Warning!
The examples provided are not necessarily working ones; using them to configure your own equipment without understanding how they work is strictly prohibited.
The examples are provided solely to illustrate how Ideco ACP works with third-party equipment.
h2. Equipment configuration (Cisco 7204 with the ISG module)
{code}
class-map type traffic match-any Redir_to_web
match access-group input 101
!
class-map type traffic match-any to_Portal
match access-group input 103
!
class-map type traffic match-any Redirect_DNS
match access-group input 104
!
class-map type control match-all USER_DROP
match authen-status unauthenticated
match timer 5Min
!
class-map match-all NOT_SHAPE_TRF
match access-group 130
policy-map type service NOMONEY
class type traffic Redir_to_web
redirect to group REDIRECT
!
policy-map type service L4REDIRECT_to_DNS
class type traffic Redirect_DNS
redirect to group REDIRECT_DNS
!
policy-map type service L4REDIRECT-ATT
class type traffic to_Portal
redirect to group REDIRECT
class type traffic default input
drop
!
policy-map type service 512k_DEF
service-policy input 512IN
service-policy output 512OUT
!
policy-map type control RULEISG
class type control USER_DROP event timed-policy-expiry
1 service disconnect
class type control always event quota-depleted
1 set-param drop-traffic FALSE
class type control always event session-start
1 authorize aaa list ISG password cisco identifier source-ip-address
2 service-policy type service name L4REDIRECT_to_DNS
3 service-policy type service name L4REDIRECT-ATT
4 set-timer 5Min 5
class type control always event credit-exhausted
1 service-policy type service name NOMONEY
class type control always event service-failed
1 service-policy type service name 512k_DEF
2 log-session-state
class type control always event service-stop
1 service-policy type service unapply identifier service-name
2 service-policy type service name 512k_DEF
!
policy-map 2000kOUT
class NOT_SHAPE_TRF
police cir 2000000 bc 375000 be 750000 conform-action transmit exceed-action drop violate-action drop
policy-map 2200kIN
class NOT_SHAPE_TRF
police cir 2200000 bc 412500 be 825000 conform-action transmit exceed-action drop violate-action drop
policy-map 300kOUT
class NOT_SHAPE_TRF
police cir 300000 bc 56250 be 112500 conform-action transmit exceed-action drop violate-action drop
policy-map 8000kIN
class NOT_SHAPE_TRF
police cir 8000000 bc 1500000 be 3000000 conform-action transmit exceed-action drop violate-action drop
policy-map 1000kOUT
class NOT_SHAPE_TRF
police cir 1000000 bc 187500 be 375000 conform-action transmit exceed-action drop violate-action drop
policy-map 500kIN
class NOT_SHAPE_TRF
police cir 500000 bc 93750 be 187500 conform-action transmit exceed-action drop violate-action drop
policy-map 1100kIN
class NOT_SHAPE_TRF
police cir 1100000 bc 206250 be 412500 conform-action transmit exceed-action drop violate-action drop
policy-map 3000kOUT
class NOT_SHAPE_TRF
police cir 3000000 bc 562500 be 1125000 conform-action transmit exceed-action drop violate-action drop
policy-map 8000kOUT
class NOT_SHAPE_TRF
police cir 8000000 bc 1500000 be 3000000 conform-action transmit exceed-action drop violate-action drop
policy-map 1024IN
class class-default
police cir 1024000 bc 192000 be 384000 conform-action transmit exceed-action drop violate-action drop
policy-map 600kOUT
class NOT_SHAPE_TRF
police cir 600000 bc 112500 be 225000 conform-action transmit exceed-action drop violate-action drop
policy-map 3000kIN
class NOT_SHAPE_TRF
police cir 3000000 bc 562500 be 1125000 conform-action transmit exceed-action drop violate-action drop
policy-map 50kIN
class NOT_SHAPE_TRF
police cir 50000 bc 9375 be 18750 conform-action transmit exceed-action drop violate-action drop
policy-map 512OUT
class class-default
police cir 512000 bc 96000 be 192000 conform-action transmit exceed-action drop violate-action drop
policy-map 2000kIN
class NOT_SHAPE_TRF
police cir 2000000 bc 375000 be 750000 conform-action transmit exceed-action drop violate-action drop
policy-map 4000kIN
class NOT_SHAPE_TRF
police cir 4000000 bc 750000 be 1500000 conform-action transmit exceed-action drop violate-action drop
policy-map 300kIN
class NOT_SHAPE_TRF
police cir 300000 bc 56250 be 112500 conform-action transmit exceed-action drop violate-action drop
policy-map 256IN
class class-default
police cir 256000 bc 48000 be 96000 conform-action transmit exceed-action drop violate-action drop
policy-map 256OUT
class class-default
police cir 256000 bc 48000 be 96000 conform-action transmit exceed-action drop violate-action drop
policy-map 1500kIN
class NOT_SHAPE_TRF
police cir 1500000 bc 281250 be 562500 conform-action transmit exceed-action drop violate-action drop
policy-map 1024OUT
class class-default
police cir 1024000 bc 192000 be 384000 conform-action transmit exceed-action drop violate-action drop
policy-map 600kIN
class NOT_SHAPE_TRF
police cir 600000 bc 112500 be 225000 conform-action transmit exceed-action drop violate-action drop
policy-map 1100kOUT
class NOT_SHAPE_TRF
police cir 1100000 bc 206250 be 412500 conform-action transmit exceed-action drop violate-action drop
policy-map 512IN
class class-default
police cir 512000 bc 96000 be 192000 conform-action transmit exceed-action drop violate-action drop
policy-map 1000kIN
class NOT_SHAPE_TRF
police cir 1000000 bc 187500 be 375000 conform-action transmit exceed-action drop violate-action drop
policy-map 2500kOUT
class NOT_SHAPE_TRF
police cir 2500000 bc 468750 be 937500 conform-action transmit exceed-action drop violate-action drop
policy-map 50kOUT
class NOT_SHAPE_TRF
police cir 50000 bc 9375 be 18750 conform-action transmit exceed-action drop violate-action drop
policy-map 2200kOUT
class NOT_SHAPE_TRF
police cir 2200000 bc 412500 be 825000 conform-action transmit exceed-action drop violate-action drop
policy-map 150kOUT
class NOT_SHAPE_TRF
police cir 150000 bc 28125 be 56250 conform-action transmit exceed-action drop violate-action drop
policy-map 2500kIN
class NOT_SHAPE_TRF
police cir 2500000 bc 468750 be 937500 conform-action transmit exceed-action drop violate-action drop
policy-map 500kOUT
class NOT_SHAPE_TRF
police cir 500000 bc 93750 be 187500 conform-action transmit exceed-action drop violate-action drop
policy-map 4000kOUT
class NOT_SHAPE_TRF
police cir 4000000 bc 750000 be 1500000 conform-action transmit exceed-action drop violate-action drop
policy-map 150kIN
class NOT_SHAPE_TRF
police cir 150000 bc 28125 be 56250 conform-action transmit exceed-action drop violate-action drop
policy-map 1500kOUT
class NOT_SHAPE_TRF
police cir 1500000 bc 281250 be 562500 conform-action transmit exceed-action drop violate-action drop
{code}
h2. ACP configuration
\#TODO write event_inc.sh
repaidReauthReason 9, 253 Control-Info QR1
{code}
/bin/echo "User-Name=\"95.129.77.130\",cisco-avpair=\"subscriber:command=service-status-query\",cisco-avpair+=\"subscriber:service-name=PREPAID_INT2200\",Cisco-Account-Info=\"S$WHITEIP\"" | radclient -x $GREYIP:1700 coa 1234
/bin/echo "User-Name=\"95.129.77.130\",Cisco-Account-Info=\"S95.129.77.130\",cisco-avpair=\"subscriber:command=account-status-query\"" | radclient -x $GREYIP:1700 coa 1234
/bin/echo "User-Name=\"f_annychka\",cisco-avpair=\"subscriber:command=account-logon\",Cisco-Account-Info=\"S10.10.0.1\",Idle-Timeout=200" | /usr/local/bin/radclient -x $GREYIP2:1700 coa cisco555
/bin/echo "User-Name=\"95.129.77.130\",Cisco-Account-Info=\"S95.129.77.130\",cisco-avpair=\"subscriber:command=profile-status-query\"" | radclient -x $GREYIP:1700 coa 1234
/bin/echo "User-Name=\"95.129.77.130\",Cisco-Account-Info=\"S95.129.77.130\",cisco-avpair=\"subscriber:command=account-profile-status-query\"" | radclient -x $GREYIP:1700 coa 1234
{code}
*Changing the service, i.e. the speed*
{code}
ip=95.129.77.2; echo "User-Name=\"$ip\",Cisco-Account-Info=\"S$ip\",cisco-avpair+=\"subscriber:service-name=NOMONEY\",cisco-avpair+=\"subscriber:command=activate-service\"" | radclient -x 10.254.254.253:1700 coa 1234
{code}
*Redirect via a service change*
{code}
ip=95.129.77.2; echo "User-Name=\"$ip\",Cisco-Account-Info=\"S$ip\",cisco-avpair+=\"subscriber:service-name=L4REDIRECT-ATT\",cisco-avpair+=\"subscriber:command=activate-service\"" | radclient -x 10.254.254.253:1700 coa 1234
{code}
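Added example, not part of the original page and not Ideco's event_inc.sh: a shell helper for the activate-service CoA shown above that validates the subscriber IP and the service name before they are interpolated into the attribute list, so a value coming from a billing event cannot add attributes of its own. The function names, the secret-file argument and the allow-list variable are assumptions; the service names are the ISG service policy-maps from the router configuration above.

```shell
#!/bin/sh
# Added example (assumed names); service list taken from the ISG configuration above.
ALLOWED_SERVICES="NOMONEY L4REDIRECT-ATT L4REDIRECT_to_DNS 512k_DEF"

# Succeeds only for a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Succeeds only for a service name that is defined on the ISG.
is_known_service() {
    for svc in $ALLOWED_SERVICES; do
        [ "$svc" = "$1" ] && return 0
    done
    return 1
}

# Prints the attribute list for an activate-service CoA, or fails without
# output if either value could smuggle extra attributes into the request.
build_activate_attrs() {
    ip=$1 service=$2
    is_ipv4 "$ip" || { echo "rejected subscriber IP: $ip" >&2; return 1; }
    is_known_service "$service" || { echo "rejected service: $service" >&2; return 1; }
    printf 'User-Name="%s",Cisco-Account-Info="S%s",cisco-avpair+="subscriber:service-name=%s",cisco-avpair+="subscriber:command=activate-service"\n' \
        "$ip" "$ip" "$service"
}

# Sends the CoA to the NAS. -S makes radclient read the shared secret from a
# file, so it does not appear in the process list or in shell history.
send_activate() {
    nas=$1 secret_file=$2 ip=$3 service=$4
    attrs=$(build_activate_attrs "$ip" "$service") || return 1
    printf '%s\n' "$attrs" | radclient -x -S "$secret_file" "$nas:1700" coa
}
```

Called as `send_activate 10.254.254.253 /path/to/secret 95.129.77.2 NOMONEY`, where the secret file path is a placeholder.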