Default traffic action on ISG

Unanswered Question
May 5th, 2008

Hello -

My goal is to account and to police traffice from internet only not from our LAN.

Unmatched traffic should be passed.

How can I do this?

Is it possble to change 'Default traffic is dropped' to 'Default traffic is passed'?

Here is my test session

BRAS0#sh subscriber session username [email protected] det

Unique Session ID: 1070

Identifier: [email protected]

...skipped...

Policy information:

Context 50CC99F0: Handle 66000186

AAA_id 0000D1EE: Flow_handle 0

Authentication status: authen

Downloaded User profile, excluding services:

addr x.x.x.1

service-type 2 [Framed]

ssg-account-info "Avl-test"

idletime 300 (0x12C)

Framed-Protocol 1 [PPP]

Downloaded User profile, including services:

addr 213.150.74.1

service-type 2 [Framed]

ssg-account-info "Avl-test"

idletime 300 (0x12C)

Framed-Protocol 1 [PPP]

ssg-service-info "R0.0.0.0;0.0.0.0"

inacl "ClientIn"

outacl "ClientOut"

traffic-class "in access-group name NotLANIn"

traffic-class "out access-group name NotLANOut"

ssg-service-info "QD;512000;96000;192000;U;512000;96000;192000"

Config history for session (recent to oldest):

Access-type: Web-service-logon Client: SM

Policy event: Notification Event (Service)

Profile name: wifi-vl-test, 4 references

ssg-service-info "R0.0.0.0;0.0.0.0"

inacl "ClientIn"

outacl "ClientOut"

traffic-class "in access-group name NotLANIn"

traffic-class "out access-group name NotLANOut"

ssg-service-info "QD;512000;96000;192000;U;512000;96000;192000"

service-type 5 [Outbound]

Access-type: Max Client: SM

Policy event: Process Config Connecting (Unapplied) (Service)

Profile name: BLOCK_ANY, 413 references

password <hidden>

traffic-class "input default drop"

traffic-class "output default drop"

Access-type: PPP Client: SM

Policy event: Process Config Connecting

Profile name: apply-config-only, 2 references

addr x.x.x.1

service-type 2 [Framed]

ssg-account-info "Avl-test"

idletime 300 (0x12C)

Framed-Protocol 1 [PPP]

Access-type: VPDN Client: SM

Policy event: Service Selection Request (Service)

Profile name: BLOCK_ANY, 413 references

password <hidden>

traffic-class "input default drop"

traffic-class "output default drop"

Active services associated with session:

name "vl-test"

Rules, actions and conditions executed:

subscriber rule-map PPP_RULE

condition always event session-start

1 service-policy type service name BLOCK_ANY

subscriber rule-map PPP_RULE

condition always event service-start

1 service-policy type service unapply name BLOCK_ANY

2 service-policy type service identifier service-name

Session inbound features:

Traffic classes:

Traffic class session ID: 1123

ACL Name: NotLANIn, Packets = 1952, Bytes = 1458799

Default traffic is dropped <--- !!!!

Unmatched Packets (dropped) = 3, Re-classified packets (redirected) = 0

Session outbound features:

Feature: PPP Idle Timeout

Timeout value is 300

Idle time is 00:00:00

Traffic classes:

Traffic class session ID: 1123

ACL Name: NotLANOut, Packets = 1129, Bytes = 131659

Default traffic is dropped <--- !!!!

Unmatched Packets (dropped) = 0, Re-classified packets (redirected) = 0

Thanks in advance.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.

Actions

This Discussion