PPPoE RADIUS and Cisco compatibility

Hello everyone,

I am new to VyOS. We are currently using Cisco ASR1000 and ASR9k as PPPoE aggregators. We are testing the platform and have found no way to apply the speed profiles already defined in our FreeRADIUS database.

In the database, the user has the following attributes, where the download and upload profile will be declared.

cisco-avpair += ip:sub-qos-policy-out=DSL-RAD-6mbps-down
cisco-avpair += ip:sub-qos-policy-in=DSL-RAD-6mbps-up

Testing in VyOS, we verified that the user registers, but the profile is not applied. I am sharing the VyOS configuration in case someone can help me or guide me on how to solve this.

[shapers]
verbose=1
attr=Cisco-AVPair
vendor=Cisco

set traffic-policy shaper DSL-RAD-6mbps-down-bandwidth '6000000bps'
set traffic-policy shaper DSL-RAD-6mbps-down default bandwidth '6000000bps'
set traffic-policy shaper DSL-RAD-6mbps-up default bandwidth '1000000bps'

Greetings

Hi @l.segovia,

Again, welcome to the VyOS community! We’re delighted to have you join us.

Question regarding the use of RADIUS attributes with the traffic shaper. Did you apply attributes from RADIUS to the traffic shaper configuration? For example,

set traffic-policy radius-attribute vlanid cisco-avpair
set traffic-policy radius-attribute input-policymap cisco-avpair
set traffic-policy radius-attribute output-policymap cisco-avpair

Assuming that the RADIUS server is correctly sending those attributes.

@fernando could you lend a hand on this issue? Your insights would be greatly appreciated!

Hi @JoeN ,

I don’t have the mentioned commands available, I’m using version 1.3.3 equuleus.

Could you confirm if these commands are available for that version?

@l.segovia – Let me check with my internal team, and I’ll get back to you on this.

Regards,
Joe

Thanks @JoeN,

I await your answer.

I guess you should send the following format, as mentioned in the description:

Cisco-AVPair=lcp:interface-config#1=rate-limit input 2000000 8000 8000 conform-action transmit exceed-action drop
Cisco-AVPair=lcp:interface-config#1=rate-limit output 2000000 8000 8000 conform-action transmit exceed-action drop

Hi @Viacheslav ,

I have tried this way and it works, but in case of modifying a speed profile I would have to go user by user to make the modification, instead of having a policy-map where I would modify the policy-map and the change is saved for all the users who use that profile. In my case I have more than 10,000 users, adding that I still have Cisco equipment working as a PPPoE aggregator, and migrating from one aggregator to another would be a headache and many hours wasted. What I’m looking for is for VyOS to work with the current parameters that I have configured for my users.
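
The trade-off in the two posts above (named policy references versus per-user rate-limit strings) can be bridged by translating one form into the other from a single profile table. The following is an added example, not part of the original thread and not VyOS or FreeRADIUS code; the table contents, the burst value and the in/out to input/output mapping are assumptions built from the values quoted in the thread.

```python
import re

# Assumed profile table: names and numeric rates come from the thread's
# traffic-policy lines; a deployment would load this from one shared source.
PROFILE_RATES = {
    "DSL-RAD-6mbps-down": 6000000,
    "DSL-RAD-6mbps-up": 1000000,
}
BURST = 8000  # burst values copied from the rate-limit example in the thread

# Matches the policy-name form already stored for each user.
_POLICY = re.compile(r"^ip:sub-qos-policy-(in|out)=(\S+)$")
# Assumption: policy-out (toward the subscriber) maps to "rate-limit output".
_DIRECTION = {"in": "input", "out": "output"}


def translate_avpair(value, rates=PROFILE_RATES, burst=BURST):
    """Return the rate-limit form of one Cisco-AVPair value.

    Values that are not sub-qos-policy references pass through unchanged.
    Raises KeyError for a policy name missing from the table.
    """
    match = _POLICY.match(value.strip())
    if match is None:
        return value
    direction, name = match.groups()
    rate = rates[name]
    return (
        f"lcp:interface-config#1=rate-limit {_DIRECTION[direction]} "
        f"{rate} {burst} {burst} conform-action transmit exceed-action drop"
    )


def translate_reply(avpairs, rates=PROFILE_RATES):
    """Translate every AVPair of one reply; collect unknown profile names."""
    translated, unknown = [], []
    for value in avpairs:
        try:
            translated.append(translate_avpair(value, rates))
        except KeyError as exc:
            unknown.append(exc.args[0])  # this session would end up unshaped
    return translated, unknown


if __name__ == "__main__":
    # Constructed sample reply using the two attributes from the first post.
    sample = ["ip:sub-qos-policy-out=DSL-RAD-6mbps-down",
              "ip:sub-qos-policy-in=DSL-RAD-6mbps-up"]
    for line in translate_reply(sample)[0]:
        print("Cisco-AVPair=" + line)
```

Unknown profile names are returned separately so that a subscriber whose policy is missing from the table is reported rather than silently left without a rate limit.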

Assistance Needed with Per Session Queueing and Shaping for PPPoEoVLAN Using RADIUS.

Dear Sirs,

I hope this message finds you well. I am currently encountering an issue related to per-session Queueing and Shaping for PPPoEoVLAN using RADIUS. To provide you with more details, I have shared my router configuration below along with the corresponding error log.

Router Configuration:
Current configuration : 26624 bytes
!
! Last configuration change at 02:00:55 UTC Thu Dec 7 2023 by admin
!
version 15.5
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service unsupported-transceiver
no platform punt-keepalive disable-kernel-core
!
hostname ASR1004
!
boot-start-marker
boot system bootflash:asr1000rp1-adventerprisek9.03.16.06.S.155-3.S6-ext.bin
boot-end-marker
!
logging userinfo
logging buffered 2147483
enable secret 5 $1$kWu6$n0tgy9LG2HK1235485215FVMPBfqR.
enable password 7 000D4A1888884743534F5E260C
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication ppp default group radius
aaa authorization exec default local
aaa authorization network default group radius
aaa accounting update newinfo periodic 1
aaa accounting network default start-stop group radius
!
!
!
!
aaa server radius dynamic-author
client 10.168.128.11 server-key 7 130C4E07888888510A28
port 3799
auth-type all
ignore session-key
ignore server-key
!
aaa session-id common
aaa policy interface-config allow-subinterface
!
ip name-server 8.8.8.8

ip domain name impresso.solutions
!
multilink bundle-name authenticated
!
class-map match-any PRIORITY_TRAFFIC_CLASS_MAP
match access-group name GGC.FNA.TRAFFIC_ACL
match protocol http
match protocol snmp
match protocol smtp
match protocol imap
match protocol dns
match protocol icmp
match protocol pop3
match protocol google-play
match protocol youtube
class-map match-all UNLIMITED
match access-group 101
class-map match-any VOICE
match access-group 101
!
policy-map child-6mbps-pppoe
class class-default
queue-limit 70 packets
random-detect
policy-map 6mbps
class UNLIMITED
shape average 6000000
service-policy child-6mbps-pppoe
policy-map 5mbps-pppoe
class UNLIMITED
priority percent 100
class VOICE
police 5000000 conform-action transmit exceed-action drop
class class-default
fair-queue
policy-map 5mbps
class class-default
shape average 5000000
service-policy 5mbps-pppoe
policy-map TRAFFIC_POLICY_MAP
class PRIORITY_TRAFFIC_CLASS_MAP
bandwidth remaining percent 100
policy-map 5mbps_test
class class-default
police cir 5120000 bc 6000 be 6000 conform-action transmit exceed-action drop
!
bba-group pppoe global
virtual-template 1
sessions per-vc limit 65535
sessions per-vlan limit 65535
sessions auto cleanup
!
bba-group pppoe 6mbps
virtual-template 6
sessions per-vc limit 65535
sessions per-vlan limit 65535
sessions auto cleanup
!
bba-group pppoe 8mbps
virtual-template 8
sessions per-vc limit 65535
sessions per-vlan limit 65535
sessions auto cleanup
!
bba-group pppoe 10mbps
virtual-template 10
sessions per-vc limit 65535
sessions per-vlan limit 65535
sessions auto cleanup
!
bba-group pppoe 15mbps
virtual-template 15
sessions per-vc limit 65535
sessions per-vlan limit 65535
sessions auto cleanup
!
bba-group pppoe 20mbps
virtual-template 20
sessions per-vc limit 65535
sessions per-vlan limit 65535
sessions auto cleanup
!
!
!
interface Loopback0
ip address 10.1.0.0 255.255.255.255
!
interface Loopback6
ip address 10.2.0.0 255.255.255.255
!
interface Loopback8
ip address 10.3.0.0 255.255.255.255
!
interface Loopback10
ip address 10.4.0.0 255.255.255.255
!
interface Loopback15
ip address 10.6.0.0 255.255.255.255
!
interface Loopback20
no ip address
!
interface Port-channel35
description ULINK.NXU.ETH15.16
no ip address
!
interface Port-channel35.2
description PPPoE.JAMSHA.VLAN02
encapsulation dot1Q 2
shutdown
pppoe enable group global
!
interface Port-channel35.148
description PPPoE.GolayDanga.VLAN0148
encapsulation dot1Q 148
pppoe enable group global
!
interface Port-channel35.160
description PPPoE.GolayDanga.VLAN0160
encapsulation dot1Q 160
pppoe enable group global
!
interface Port-channel35.161
description PPPoE.GolayDanga.VLAN0161
encapsulation dot1Q 161
pppoe enable group global
!
interface Port-channel35.208
description PPPoE.MR.SADEK.JAMTI.VLAN208
encapsulation dot1Q 208
pppoe enable group global
!
interface Port-channel35.260
description PPPoE.GolayDanga.VLAN0260
encapsulation dot1Q 260
shutdown
pppoe enable group global
!
interface Port-channel35.484
description PPPoE.CLIENT.TEST.V484
encapsulation dot1Q 484
pppoe enable group global
!
interface Virtual-Template1
mtu 1492
ip unnumbered Loopback0
ip nat inside
peer default ip address pool 5mbps
keepalive 60
ppp authentication pap
ppp ipcp dns 8.8.8.8 8.8.4.4
ppp ipcp address required
ppp ipcp address unique
ppp ipcp address accept
service-policy output 5mbps
!
interface Virtual-Template6
mtu 1492
ip unnumbered Loopback6
ip nat inside
peer default ip address pool 6mbps
keepalive 60
ppp authentication pap
ppp ipcp dns accept
ppp ipcp address accept
service-policy output 6mbps
!
interface Virtual-Template8
mtu 1492
ip unnumbered Loopback8
ip nat inside
peer default ip address pool 8mbps
keepalive 60
ppp authentication pap
ppp ipcp dns accept
ppp ipcp address accept
!
interface Virtual-Template10
mtu 1492
ip unnumbered Loopback10
ip nat inside
peer default ip address pool 10mbps
keepalive 60
ppp authentication pap
ppp ipcp dns accept
ppp ipcp address accept
!
interface Virtual-Template15
mtu 1492
ip unnumbered Loopback15
ip nat inside
peer default ip address pool 15mbps
keepalive 60
ppp authentication pap
ppp ipcp dns accept
ppp ipcp address accept
!
interface Virtual-Template20
mtu 1492
ip unnumbered Loopback20
ip nat inside
peer default ip address pool 20mbps
keepalive 60
ppp authentication pap
ppp ipcp dns accept
ppp ipcp address accept
!
ip local pool 5mbps 10.1.0.2 10.1.255.254
ip local pool 6mbps 10.2.0.0 10.2.255.255
ip local pool 8mbps 10.3.0.1 10.3.255.255
ip local pool 10mbps 10.4.0.1 10.4.255.255
ip local pool 15mbps 10.5.0.1 10.5.255.255
ip local pool 20mbps 10.6.0.1 10.6.255.255
!
access-list 101 permit ip any 103.15.42.64 0.0.0.31
access-list 101 permit ip any 103.15.42.96 0.0.0.31
access-list 101 permit ip any 103.15.42.192 0.0.0.31
access-list 101 permit ip any 103.15.42.224 0.0.0.31
access-list 101 permit ip any 103.15.41.192 0.0.0.63
access-list 101 permit ip any 103.15.42.128 0.0.0.63
access-list 101 permit ip any 103.137.159.64 0.0.0.63
access-list 101 permit ip any 103.230.16.0 0.0.0.63
access-list 101 permit ip 10.0.0.0 0.255.255.255 any
!
!
radius-server attribute 8 include-in-access-req
radius-server attribute 32 include-in-access-req format %d
radius-server attribute 32 include-in-accounting-req
radius-server attribute 55 access-request include
radius-server attribute 25 access-request include
radius-server attribute 30 original-called-number
radius-server attribute 61 extended
radius-server attribute 31 mac format ietf
radius-server attribute 31 send nas-port-detail
radius-server attribute 31 remote-id
radius-server attribute nas-port-id include vendor-class-id plus remote-id plus circuit-id
!
radius server BP.IMPRESSO.SOLUTIONS
address ipv4 10.168.128.11 auth-port 1812 acct-port 1813
key 7 104788888C5203472B0F

end

Error Log:

*Dec 7 02:05:24.074: shape average command is not supported in the input direction for this interface
*Dec 7 02:05:24.074: Configuration failed on Session iftype
*Dec 7 02:05:24.075: %QOS-6-POLICY_INST_FAILED: Service policy installation failed on SSS session identifier 483 - policy:5mbps, dir:IN, ptype:, ctype:DEFAULT

I kindly request your assistance in resolving this issue. Your expertise and guidance would be greatly appreciated.

Thank you for your time and consideration.

Mahfuzur Rahman

It is not a Cisco forum.
You seem to have confused the site.
