Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1127
Views
0
Helpful
2
Replies

Radius Attribute Integration: ACL not being applied to Subscriber

dfranjoso
Level 1
Level 1

‎10-31-2013 06:12 AM - edited ‎03-01-2019 02:43 PM

Hello Guys,

Need your help here! My LNS is receiving the correct attributes for the Subscriber session:

*Oct 30 15:10:34.868: RADIUS:   Cisco AVpair       [1]   40  "ip:sub-qos-policy-in=INTERNET-15Mb-IN "

*Oct 30 15:10:34.868: RADIUS:  Vendor, Cisco       [26]  48

*Oct 30 15:10:34.868: RADIUS:   Cisco AVpair       [1]   42  "ip:sub-qos-policy-out=INTERNET-15Mb-OUT "

*Oct 30 15:10:34.868: RADIUS:  Vendor, Cisco       [26]  41

*Oct 30 15:10:34.868: RADIUS:   Cisco AVpair       [1]   35  "ip:traffic-class=in default drop "

*Oct 30 15:10:34.868: RADIUS:  Vendor, Cisco       [26]  82

*Oct 30 15:10:34.868: RADIUS:   Cisco AVpair       [1]   76  "ip:traffic-class=input access-group name IPV4_INTERNET_ACL_IN priority 10 "

*Oct 30 15:10:34.868: RADIUS:  Vendor, Cisco       [26]  42

*Oct 30 15:10:34.868: RADIUS:   Cisco AVpair       [1]   36  "ip:traffic-class=out default drop "

*Oct 30 15:10:34.868: RADIUS:  Vendor, Cisco       [26]  84

*Oct 30 15:10:34.868: RADIUS:   Cisco AVpair       [1]   78  "ip:traffic-class=output access-group name IPV4_INTERNET_ACL_OUT priority 10 "

But only the QoS Policies are being applied to the Subcriber. The ACL is not being applied!

xxxxxxx-2951-01#sh subscriber session uid 13 detailed
Unique Session ID: 13
Identifier: testguy1@link.bm
SIP subscriber access type(s): VPDN/PPP
Current SIP options: Req Fwding/Req Fwded
Session Up-time: 17:48:03, Last Changed: 17:48:03
Interface: Virtual-Access2.1

Policy information:
  Context 0107F2F0: Handle A700000D
  AAA_id 00000024: Flow_handle 0
  Authentication status: authen

Session inbound features:
Feature: QoS Policy Map
  Input Policy Map: INTERNET-15Mb-IN

Session outbound features:
Feature: QoS Policy Map
  Output Policy Map: INTERNET-15Mb-OUT

Configuration sources associated with this session:
Interface: Virtual-Template1, Active Time = 17:48:03

This is a 2951 router with IOS 153-3.M.

aaa new-model

aaa authentication login default local

aaa authentication ppp default group radius local

aaa authorization network default group radius

aaa authorization subscriber-service default group radius

aaa accounting network default start-stop group radius

aaa server radius dynamic-author

Thanks guys!!

David

Labels:
0 Helpful
2 Replies 2

Manuel Rodriguez
Cisco Employee
Cisco Employee

‎10-31-2013 07:04 AM

Hi David,

Can you provide a show tech from the device?

Best regards.

0 Helpful

dfranjoso
Level 1
Level 1
In response to Manuel Rodriguez

‎10-31-2013 07:19 AM

Thanks for your reply Manuel. I've just changed some ip addressing.

15370210-LNS Show Tech.log.zip
0 Helpful
Customers Also Viewed These Support Documents