Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

ISG stop-session

We are trying to setup ISG. ISG was successfully tuned, but we cannot setup session reset.
Here's config of radius billing concerning POD:

nas.inspector.class=bitel.billing.server.processor.PoDNASConnectionInspector
nas.inspector.radius.port=1700
nas.inspector.radius.attributes=Framed-IP-Address;Acct-Session-Id


Configuration of cisco concerning POD and policy maps


aaa new-model
aaa session-mib disconnect
aaa session-id unique
aaa server radius dynamic-author
client X.X.X.X server-key xxxxx
auth-type any
policy-map type control RULE_IP_SESSION2a
class type control always event session-start
30 authorize aaa list AUTHOR_LIST1 password password identifier circuit-id plus mac-address
!
class type control always event session-restart
30 authorize aaa list AUTHOR_LIST1 password password identifier circuit-id plus mac-address
!
class type control always event account-logon
10 authenticate aaa list AUTHEN_LIST1


 
As a result, all sessions running on this very vlan are being reset. And won't get reestablished untill router is being rebooted. After session reset router begins to ignire all packets incoming from this vlan. So, if end-user sets up IP-address manually, even ICMP-packets won't pass through from him to router. But if he tries to do it via DHCP, router logs are still empty. The same is if we try to reset the session via SNMP.
debug for aaa pod

00:22:32:  ++++++ POD Attribute List ++++++
00:22:32: 6390C2F8 0 00000001 addr(8) 4 172.30.30.2
00:22:32: 6390C6A0 0 00000001 session-id(363) 4 19(13)
00:22:32:
00:22:32: POD: Converted to internal Session-Id of 00000013
00:22:32: POD: X.X.X.X user  172.30.30.2 sessid 0x13 key 0x0
00:22:32: POD:      Line     User     IDB          Session Id Key
00:22:32: POD: KILL FastEthe 0004012d x.x.x.x  0x13       0xE4666E78
00:22:32: POD: Sending ACK from port 1812 to x.x.x.x/43090


5 such packets pass through, after them - some watchdogs (update as configured - 1 min)
After that stop-packet follows.

00:10:17: RADIUS(0000000B): Send Accounting-Request to X.X.X.X:1813 id 1646/8, len 426
00:10:17: RADIUS:  authenticator AB 48 50 46 CF 53 E3 5F - CF E2 C3 D2 7F 0E 28 C6        
00:10:17: RADIUS:  Acct-Session-Id     [44]  10  "00000003"                               
00:10:17: RADIUS:  Framed-Protocol     [7]   6   PPP                       [1]            
00:10:17: RADIUS:  Framed-IP-Address   [8]   6   172.30.30.2
00:10:17: RADIUS:  User-Name           [1]   29  "0004012d0102:00eb.0101.200e"
00:10:17: RADIUS:  Acct-Authentic      [45]  6   RADIUS                    [1]
00:10:17: RADIUS:  Vendor, Cisco       [26]  32
00:10:17: RADIUS:   Cisco AVpair       [1]   26  "connect-progress=Call Up"
00:10:17: RADIUS:  Vendor, Cisco       [26]  16
00:10:17: RADIUS:   ssg-control-info   [253] 10  "I0;20511"
00:10:17: RADIUS:  Vendor, Cisco       [26]  12
00:10:17: RADIUS:   ssg-control-info   [253] 6   "O0;0"
00:10:17: RADIUS:  Acct-Session-Time   [46]  6   384
00:10:17: RADIUS:  Acct-Input-Octets   [42]  6   20511
00:10:17: RADIUS:  Acct-Output-Octets  [43]  6   0
00:10:17: RADIUS:  Acct-Input-Packets  [47]  6   313
00:10:17: RADIUS:  Acct-Output-Packets [48]  6   0
00:10:17: RADIUS:  Acct-Terminate-Cause[49]  6   admin-reset               [6]
00:10:17: RADIUS:  Vendor, Cisco       [26]  34
00:10:17: RADIUS:   Cisco AVpair       [1]   28  "disc-cause-ext=Radius Disc"
00:10:17: RADIUS:  Acct-Status-Type    [40]  6   Stop                      [2]
00:10:17: RADIUS:  NAS-Port-Type       [61]  6   Ethernet                  [15]
00:10:17: RADIUS:  Vendor, Cisco       [26]  36
00:10:17: RADIUS:   Cisco AVpair       [1]   30  "vendor-class-id-tag=MSFT 5.0"
00:10:17: RADIUS:  NAS-Port            [5]   6   1
00:10:17: RADIUS:  NAS-Port-Id         [87]  11  "0/0/0/301"
00:10:17: RADIUS:  Vendor, Cisco       [26]  35
00:10:17: RADIUS:   Cisco AVpair       [1]   29  "circuit-id-tag=0004012d0102"
00:10:17: RADIUS:  Vendor, Cisco       [26]  38
00:10:17: RADIUS:   Cisco AVpair       [1]   32  "remote-id-tag=00060012cfc85d60"
00:10:17: RADIUS:  Vendor, Cisco       [26]  36
00:10:17: RADIUS:   Cisco AVpair       [1]   30  "vendor-class-id-tag=MSFT 5.0"
00:10:17: RADIUS:  Service-Type        [6]   6   Framed                    [2]
00:10:17: RADIUS:  NAS-IP-Address      [4]   6   X.X.X.X
00:10:17: RADIUS:  Unsupported         [151] 10
00:10:17: RADIUS:   39 32 44 41 33 36 34 44          [ 92DA364D]
00:10:17: RADIUS:  Event-Timestamp     [55]  6   1268961364
00:10:17: RADIUS:  Nas-Identifier      [32]  11  "cisco-ISG"
00:10:17: RADIUS:  Acct-Delay-Time     [41]  6   0
00:10:17: RADIUS: Received from id 1646/8 X.X.X.X:1813, Accounting-response, len 20
00:10:17: RADIUS:  authenticator 3B A7 62 7D 1D F1 9D CD - A0 67 F7 06 C6 8F D3 B1

Sessions are set up using DHCPDISCOVER.

interface FastEthernet0/0.301
encapsulation dot1Q 301
ip address 172.30.30.1 255.255.255.0
no cdp enable
service-policy type control RULE_IP_SESSION2a
ip subscriber routed
   initiator dhcp class-aware

Somebode can help me?

975
Views
0
Helpful
0
Replies
CreatePlease to create content