====== Настройка Cisco ASR1002-f как NAS ======
Данный пример показывает как настроить данную модель для доступа клиентов по PPTP
Однако ничего не мешает подключить ее и как PPPoE и т д
====== Функционал ======
* Выкидывание
* Шейпинг(какой укажите)
* Создание правил ACL
* Online (Графики)
* Турбо
====== Информация о прошивке ======
sh version
Cisco IOS Software, IOS-XE Software (PPC_LINUX_IOSD-ADVENTERPRISEK9-M), Version 15.1(2)S, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2011 by Cisco Systems, Inc.
Compiled Thu 24-Mar-11 23:29 by mcpre
cisco ASR1002-F (2RU) processor with 1703497K/6147K bytes of memory.
4 Gigabit Ethernet interfaces
32768K bytes of non-volatile configuration memory.
4194304K bytes of physical memory.
7798783K bytes of eUSB flash at bootflash:.
Cisco ASR не поддерживает автосогласование скорости на порту SFP,SFP+, поэтому на интерфейсе желательно выключать автосогласование скорости на интерфейсе командой *no negotiation auto*
====== Настройка со стороны MikBiLL NAS ======
Настройки - Сервера NAS
добавите NAS с такими настройками, пароли , IP поменяйте на свое усмотрение.
{{ :billing:nas_access_server:asr1002f.jpg?nolink& |}}
и естественно согласно статье [[billing:configuration:custom_rad_attr|Radius-атрибуты по тарифу]] добавте атрибуты для создания правил шейпинга и т д.
На скриншоте в статье про атрибуты действующие правила с рабочей Cisco.
Для более глубокого понимания рекомендуем набрать в гугле "cisco RADIUS-Based Shaping and Policing"
====== Пример конфига ======
show running-config
Building configuration...
Current configuration : 16492 bytes
!
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no platform punt-keepalive disable-kernel-core
!
hostname ASR
!
boot-start-marker
boot system bootflash:/asr1000rp1-adventerprisek9.03.03.00.S.151-2.S.bin
boot-end-marker
!
!
vrf definition Mgmt-intf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
!
aaa new-model
aaa session-mib disconnect
!
!
aaa authentication login default local
aaa authentication ppp default group radius
aaa authorization network default group radius
aaa accounting delay-start all
aaa accounting update periodic 5
aaa accounting network default start-stop group radius
!
!
aaa server radius proxy
!
!
aaa server radius dynamic-author
client 192.168.0.1 server-key secret
server-key secret
port 3799
!
aaa session-id common
clock timezone eet 2 0
ip source-route
!
!
!
!
!
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
redundancy
mode none
!
!
!
!
!
!
class-map match-all 1
match access-group name one
!
policy-map 1
class 1
shape average 3000000
!
!
!
!
!
!
!
!
bba-group pppoe global
virtual-template 1
!
!
interface Port-channel1
no ip address
no negotiation auto
!
interface Port-channel2
ip address 10.40.0.1 255.255.255.0
no negotiation auto
pppoe enable group global
!
!
interface GigabitEthernet0/0/0
no ip address
load-interval 30
negotiation auto
channel-group 1 mode passive
!
interface GigabitEthernet0/0/1
no ip address
load-interval 30
negotiation auto
channel-group 1 mode passive
!
interface GigabitEthernet0/0/2
no ip address
negotiation auto
channel-group 2
!
interface GigabitEthernet0/0/3
no ip address
negotiation auto
channel-group 2
!
interface GigabitEthernet0
vrf forwarding Mgmt-intf
ip address 192.168.88.200 255.255.255.0
negotiation auto
!
interface Virtual-Template1
mtu 1492
ip unnumbered Port-channel2
peer default ip address pool pppoepool
ppp authentication chap
ppp ipcp dns 8.8.8.8
!
!
ip local pool pppoepool 10.10.10.1 10.10.10.200
ip default-gateway 192.168.88.1
ip forward-protocol nd
!
ip http server
ip http authentication local
ip http secure-server
!
ip access-list extended one
permit ip any any
!
logging esm config
logging alarm informational
access-list 10 permit any
access-list 11 permit any
!
snmp-server community public RO
snmp ifmib ifalias long
snmp ifmib ifindex persist
!
no radius-server attribute 77 include-in-acct-req
no radius-server attribute 77 include-in-access-req
radius-server attribute 8 include-in-access-req
radius-server attribute nas-port format e UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU
radius-server attribute 31 mac format unformatted
radius-server host 192.168.0.1 auth-port 1812 acct-port 1813
radius-server key secret
radius-server authorization default Framed-Protocol ppp
radius-server vsa send cisco-nas-port
radius-server vsa send accounting
radius-server vsa send authentication
!
!
control-plane
!
!
!
!
!
line con 0
exec-timeout 3600 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
exec-timeout 3600 0
absolute-timeout 90
!
ntp server 31.28.161.68
end