Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Attention: The Community will be in read-only mode on 12/14/2017 from 12:00 am pacific to 11:30 am.

During this time you will only be able to see content. Other interactions such as posting, replying to questions, or marking content as helpful will be disabled for few hours.

We apologize for the inconvenience while we perform important updates to the Community.

New Member

Radius Attribute Integration: ACL not being applied to Subscriber

Hello Guys,

Need your help here! My LNS is receiving the correct attributes for the Subscriber session:

*Oct 30 15:10:34.868: RADIUS:   Cisco AVpair       [1]   40  "ip:sub-qos-policy-in=INTERNET-15Mb-IN "

*Oct 30 15:10:34.868: RADIUS:  Vendor, Cisco       [26]  48

*Oct 30 15:10:34.868: RADIUS:   Cisco AVpair       [1]   42  "ip:sub-qos-policy-out=INTERNET-15Mb-OUT "

*Oct 30 15:10:34.868: RADIUS:  Vendor, Cisco       [26]  41

*Oct 30 15:10:34.868: RADIUS:   Cisco AVpair       [1]   35  "ip:traffic-class=in default drop "

*Oct 30 15:10:34.868: RADIUS:  Vendor, Cisco       [26]  82

*Oct 30 15:10:34.868: RADIUS:   Cisco AVpair       [1]   76  "ip:traffic-class=input access-group name IPV4_INTERNET_ACL_IN priority 10 "

*Oct 30 15:10:34.868: RADIUS:  Vendor, Cisco       [26]  42

*Oct 30 15:10:34.868: RADIUS:   Cisco AVpair       [1]   36  "ip:traffic-class=out default drop "

*Oct 30 15:10:34.868: RADIUS:  Vendor, Cisco       [26]  84

*Oct 30 15:10:34.868: RADIUS:   Cisco AVpair       [1]   78  "ip:traffic-class=output access-group name IPV4_INTERNET_ACL_OUT priority 10 "

But only the QoS Policies are being applied to the Subcriber. The ACL is not being applied!

xxxxxxx-2951-01#sh subscriber session uid 13 detailed
Unique Session ID: 13
Identifier: testguy1@link.bm
SIP subscriber access type(s): VPDN/PPP
Current SIP options: Req Fwding/Req Fwded
Session Up-time: 17:48:03, Last Changed: 17:48:03
Interface: Virtual-Access2.1

Policy information:
  Context 0107F2F0: Handle A700000D
  AAA_id 00000024: Flow_handle 0
  Authentication status: authen

Session inbound features:
Feature: QoS Policy Map
  Input Policy Map: INTERNET-15Mb-IN

Session outbound features:
Feature: QoS Policy Map
  Output Policy Map: INTERNET-15Mb-OUT

Configuration sources associated with this session:
Interface: Virtual-Template1, Active Time = 17:48:03

This is a 2951 router with IOS 153-3.M.

aaa new-model

aaa authentication login default local

aaa authentication ppp default group radius local

aaa authorization network default group radius

aaa authorization subscriber-service default group radius

aaa accounting network default start-stop group radius

aaa server radius dynamic-author

Thanks guys!!

David

2 REPLIES
Cisco Employee

Radius Attribute Integration: ACL not being applied to Subscribe

Hi David,

Can you provide a show tech from the device?

Best regards.

New Member

Re: Radius Attribute Integration: ACL not being applied to Subsc

Thanks for your reply Manuel. I've just changed some ip addressing.

779
Views
0
Helpful
2
Replies
CreatePlease to create content