Cisco ASR 9010: PPPoE with Radius
This tutorial shows how to configure Cisco ASR 9010 device with Splynx server.
- Make RADIUS configuration on ASR and Splynx server side
Splynx server
Navigate to Networking → Routers → Add
in order to add a new router. In new window fill out the required fields.
NOTE:
- In NAS type field choose
Cisco IOS XE
value. If such type does not exist, it can be created inConfig → Networking → NAS types
; - The IP address of your Cisco ASR router in IP/Host and NAS IP should be the same;
- The value in Radius secret filed will be used in your Cisco ASR device to connect it with radd server in Splynx;
- In Authorization/Accounting field choose
PPP/DHCP(Radius) / Radius accounting
value.
Cisco ASR 9010
To determine the radius server use the following commands:
NOTE: It is necessary to create a RADIUS server group to attach AAA functions to Splynx radius server.
aaa group server radius SPLYNX
server x.x.x.x auth-port 1812 acct-port 1813
vrf DMZ
source-interface INtxxxx #use interface connected to Splynx
radius-server host x.x.x.x auth-port 1812 acct-port 1813 #these ports are default but can be changed
key XXXXXXXXXXXX #use the Radius secret generated in Splynx
timeout 10
retransmit 5
Radius configuration for AAA
aaa authorization network default group SPLYNX
aaa accounting network default start-stop group SPLYNX
aaa accounting service default group SPLYNX
aaa accounting subscriber default group SPLYNX
aaa authorization subscriber default group SPLYNX
aaa authentication subscriber default group SPLYNX
Also, it is required to configure COA/COD session disconnect:
To allow incoming requests from RADIUS server:
aaa server radius dynamic-author
port 3799
client x.x.x.x vrf DMZ #Splynx radd server IP
server-key #(key defined in Splynx)
- Make the following configuration on Cisco ASR
Create loopback interface which will be a default gateway for your PPPoE users:
interface Loopback10
ipv4 address x.x.x.x 255.255.255.255
Create a dynamic template for your PPPoE users:
dynamic-template
type ppp SPLYNX_PPP_Chap
ppp authentication chap
keepalive 60 3
ppp ipcp dns 1.1.1.1 8.8.8.8
accounting aaa list default type session periodic-interval 5
ipv4 unnumbered Loopback10
type ppp dynamic-template
type service s1
ipv4 unnumbered Loopback10
- PPPoE access for subscribers and define policy on Splynx/ASR
Cisco ASR:
This configuration is a one-off and does not trigger your tariffs.
subscriber
pta tcp mss-adjust 1430
pppoe bba-group SPLYNX_PPPOE
service selection disable
class-map type control subscriber match-any PPP
match protocol ppp
end-class-map
policy-map type control subscriber PPP_PM
event session-start match-first
class type control subscriber PPP do-until-failure
10 activate dynamic-template SPLYNX_PPP_Chap
event session-activate match-first
class type control subscriber PPP do-until-failure
10 authenticate aaa list default
end-policy-map
After that, it is required to configure interface:
interface Bundle-Ether1.920
ipv4 point-to-point
ipv4 unnumbered Loopback10
service-policy type control subscriber PPP_PM
pppoe enable bba-group SPLYNX_PPPOE
encapsulation dot1q 920
- If the different VLANs are used, it is required to configure more interfaces but service policy will be the same, On this step you configure Splynx and Cisco ASR to define speed limits according tariff plan.
Splynx server
Add the two additional fields to tariff plan (e.g. Internet plan) - policy_ingress
and policy_egress
(if you already have this fields, please skip this step).
In this fields you should put the names of policy which are defined in Cisco ASR according to your plan.
Important: the policy names should be the same as were defined in Cisco ASR.
In Config → Networking → Radius → NAS config → Cisco IOS XE Configuration → Rate-Limit attributes
the next rules need to be set:
Cisco-AVPair = ip:sub-qos-policy-out={{ tariff_attributes.policy_ingress }}
Cisco-AVPair += ip:sub-qos-policy-in={{ tariff_attributes.policy_egress }}
Cisco ASR:
Create a policy map to control upload and download speed. Important: the policy map names should be the same as were defined in the additional fields of tariff plan.
policy-map POLICY_CUSTOMER_EGRESS_100Mbps
class CUSTOMER_PREC_ALL
shape average 100000000 bps
queue-limit 1000000 bytes
class class-default
end-policy-map
policy-map POLICY_CUSTOMER_INGRESS_100Mbps
class class-default
police rate 100000000 bps
conform-action transmit
exceed-action drop
end-policy-map