
Default traffic action on ISG

Hello -

My goal is to account and to police traffic from the Internet only, not from our LAN.

Unmatched traffic should be passed.

How can I do this?

Is it possible to change 'Default traffic is dropped' to 'Default traffic is passed'?

Here is my test session:

BRAS0#sh subscriber session username testvm@H det

Unique Session ID: 1070

Identifier: testvm@H

...skipped...

Policy information:

Context 50CC99F0: Handle 66000186

AAA_id 0000D1EE: Flow_handle 0

Authentication status: authen

Downloaded User profile, excluding services:

addr x.x.x.1

service-type 2 [Framed]

ssg-account-info "Avl-test"

idletime 300 (0x12C)

Framed-Protocol 1 [PPP]

Downloaded User profile, including services:

addr 213.150.74.1

service-type 2 [Framed]

ssg-account-info "Avl-test"

idletime 300 (0x12C)

Framed-Protocol 1 [PPP]

ssg-service-info "R0.0.0.0;0.0.0.0"

inacl "ClientIn"

outacl "ClientOut"

traffic-class "in access-group name NotLANIn"

traffic-class "out access-group name NotLANOut"

ssg-service-info "QD;512000;96000;192000;U;512000;96000;192000"

Config history for session (recent to oldest):

Access-type: Web-service-logon Client: SM

Policy event: Notification Event (Service)

Profile name: wifi-vl-test, 4 references

ssg-service-info "R0.0.0.0;0.0.0.0"

inacl "ClientIn"

outacl "ClientOut"

traffic-class "in access-group name NotLANIn"

traffic-class "out access-group name NotLANOut"

ssg-service-info "QD;512000;96000;192000;U;512000;96000;192000"

service-type 5 [Outbound]

Access-type: Max Client: SM

Policy event: Process Config Connecting (Unapplied) (Service)

Profile name: BLOCK_ANY, 413 references

password <hidden>

traffic-class "input default drop"

traffic-class "output default drop"

Access-type: PPP Client: SM

Policy event: Process Config Connecting

Profile name: apply-config-only, 2 references

addr x.x.x.1

service-type 2 [Framed]

ssg-account-info "Avl-test"

idletime 300 (0x12C)

Framed-Protocol 1 [PPP]

Access-type: VPDN Client: SM

Policy event: Service Selection Request (Service)

Profile name: BLOCK_ANY, 413 references

password <hidden>

traffic-class "input default drop"

traffic-class "output default drop"

Active services associated with session:

name "vl-test"

Rules, actions and conditions executed:

subscriber rule-map PPP_RULE

condition always event session-start

1 service-policy type service name BLOCK_ANY

subscriber rule-map PPP_RULE

condition always event service-start

1 service-policy type service unapply name BLOCK_ANY

2 service-policy type service identifier service-name

Session inbound features:

Traffic classes:

Traffic class session ID: 1123

ACL Name: NotLANIn, Packets = 1952, Bytes = 1458799

Default traffic is dropped <--- !!!!

Unmatched Packets (dropped) = 3, Re-classified packets (redirected) = 0

Session outbound features:

Feature: PPP Idle Timeout

Timeout value is 300

Idle time is 00:00:00

Traffic classes:

Traffic class session ID: 1123

ACL Name: NotLANOut, Packets = 1129, Bytes = 131659

Default traffic is dropped <--- !!!!

Unmatched Packets (dropped) = 0, Re-classified packets (redirected) = 0

Thanks in advance.
