При тестировании всё было ОК, на 10 сессиях проблем никаких не наблюдалось, сессии висели положенные 12 часов. После ввода в эксплуатацию и приросту клиентов возникла проблема: время сессии ограничилось 30 минутами, после обрыв. При этом делая sh int Vi41 параметр Time to interface disconnect : absolut 11:38:23, тем самым делаем вывод что с радиуса время сессии приходит верно.
Конфиг Наса
Код: Выделить всё
Current configuration : 7168 bytes
!
! Last configuration change at 19:08:04 MSK Wed Aug 31 2011
!
upgrade fpd auto
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname NAS#1
!
boot-start-marker
boot system flash disk0:c7200p-adventerprisek9-mz.150-1.M.bin
boot-end-marker
!
!
aaa new-model
!
!
aaa group server radius PPPOE_RADIUS
server-private 172.17.2.1 auth-port 1645 acct-port 1646 key 7 06150A225E4B1D
ip radius source-interface GigabitEthernet0/1
!
aaa authentication ppp PPPOE group PPPOE_RADIUS
aaa authorization network PPPOE group PPPOE_RADIUS
aaa accounting update newinfo periodic 5
aaa accounting network PPPOE
action-type start-stop
group PPPOE_RADIUS
!
!
aaa nas port extended
!
!
!
!
aaa session-id common
!
!
!
clock timezone MSK 3
clock summer-time MSK recurring last Sun Mar 2:00 last Sun Oct 3:00
ip source-route
ip cef
!
!
!
!
ip domain name r1.ru-gigabit.net
ip name-server 8.8.8.8
login block-for 60 attempts 3 within 30
login delay 5
no ipv6 cef
!
multilink bundle-name authenticated
vpdn enable
!
vpdn-group 1
! Default PPTP VPDN group
accept-dialin
protocol pptp
virtual-template 2
l2tp tunnel timeout no-session 15
!
!
!
!
!
!
!
!
!
archive
log config
hidekeys
username admin password 7
username officevpnuser password 7
!
redundancy
!
!
ip ssh version 2
!
!
!
!
!
!
!
bba-group pppoe global
virtual-template 1
sessions max limit 5000
ac name nas1
sessions per-mac limit 2
sessions auto cleanup
!
!
interface Loopback0
ip address х.х.х.х 255.255.255.255
!
!
!
interface GigabitEthernet0/0
no ip address
ip flow ingress
duplex auto
speed auto
media-type rj45
negotiation auto
no cdp enable
!
!
interface GigabitEthernet0/0.899
description PPPoE Clienti
encapsulation dot1Q 899
pppoe enable group global
no cdp enable
!
!
interface GigabitEthernet0/1
ip address 172.17.0.1 255.255.0.0
ip virtual-reassembly
duplex auto
speed auto
media-type rj45
negotiation auto
!
!
interface GigabitEthernet0/2
no ip address
shutdown
duplex auto
speed auto
negotiation auto
!
!
interface Virtual-Template1
mtu 1492
ip unnumbered Loopback0
ip flow ingress
ip flow egress
ip virtual-reassembly
no logging event link-status
autodetect encapsulation ppp
no peer default ip address
keepalive 5 3
ppp authentication pap chap ms-chap-v2 PPPOE
ppp authorization PPPOE
ppp accounting PPPOE
!
interface Virtual-Template2
ip unnumbered GigabitEthernet0/3
rate-limit input 1024000 128000 256000 conform-action transmit exceed-action drop
rate-limit output 1024000 128000 256000 conform-action transmit exceed-action drop
peer default ip address pool VPN_2_NET_POOL
no keepalive
ppp encrypt mppe auto
ppp authentication pap chap ms-chap
!
!
!
ip local pool VPN_2_NET_POOL 172.17.253.1 172.17.253.3
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip flow-export source GigabitEthernet0/1
ip flow-export version 5
ip flow-export destination 172.17.2.1 9996
!
!
!
!
!
radius-server attribute 6 on-for-login-auth
radius-server attribute 8 include-in-access-req
radius-server attribute 32 include-in-access-req
radius-server attribute 32 include-in-accounting-req
radius-server attribute nas-port format e UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU
radius-server attribute 31 mac format unformatted
radius-server vsa send accounting
radius-server vsa send authentication
!
control-plane
!
!
!
mgcp fax t38 ecm
mgcp behavior g729-variants static-pt
!
!
!
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
access-class TerminalAccess in
transport input telnet ssh
!
ntp source GigabitEthernet0/3
ntp update-calendar
ntp server pool.ntp.org
ntp server 212.112.228.242
end