>if you set it up via RADIUS, the Cisco creates named ACLs; after the `#' comes
>the rule number in the ACL
>
>Cisco-avpair="ip:inacl#1=deny tcp any any eq 25"
>Cisco-avpair+="ip:inacl#2=permit ip any any"

After Send Access-Request, debug prints:
Jul 9 09:22:06.707: RADIUS: Received from id 1645/196 10.141.1.1:1812, Access-Accept, len 203
Jul 9 09:22:06.707: RADIUS: authenticator 9F 0C E7 71 FE 3A AE 8D - D3 83 11 DB D3 49 A4 01
Jul 9 09:22:06.707: RADIUS: Framed-Protocol [7] 6 PPP [1]
Jul 9 09:22:06.707: RADIUS: Framed-Compression [13] 6 VJ TCP/IP Header Compressi[1]
Jul 9 09:22:06.707: RADIUS: Service-Type [6] 6 Outbound [5]
Jul 9 09:22:06.707: RADIUS: Session-Timeout [27] 6 360000
Jul 9 09:22:06.707: RADIUS: Vendor, Cisco [26] 58
Jul 9 09:22:06.707: RADIUS: Cisco AVpair [1] 52 "ip:inacl#1= permit icmp any host 81.x.xxx.xxx echo"
Jul 9 09:22:06.707: RADIUS: Vendor, Cisco [26] 64
Jul 9 09:22:06.707: RADIUS: Cisco AVpair [1] 58 "ip:inacl#2= permit icmp any host 81.x.xxx.xxx echo-reply"
Jul 9 09:22:06.707: RADIUS: Vendor, Cisco [26] 37
Jul 9 09:22:06.707: RADIUS: Cisco AVpair [1] 31 "ip:inacl#3= deny icmp any any"
Jul 9 09:22:06.707: RADIUS(00000165): Received from id 1645/196
Jul 9 09:22:06.711: %LINK-3-UPDOWN: Interface Virtual-Access5, changed state to up
Jul 9 09:22:06.711: RADIUS/ENCODE(00000165):Orig. component type = VPDN
x - masked
Ping from the VPN client 10.141.1.xxx to 81.x.xxx.xxx does not go through.
Could it be that this form of notation does not work with PPPoE? Cisco-avpair="ip:inacl#1=deny tcp any any eq 25"
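
An added example, not part of the original post: a Python helper that pulls the `ip:inacl#N` entries out of RADIUS debug output like the above, orders them by rule number, and diffs them against the rules configured on the RADIUS server. The function names are hypothetical, the sample lines are copied from the log in the post, and the expected rule list is constructed from the quoted reply.

```python
import re
from collections import defaultdict

# Cisco AVpair line of a RADIUS debug dump; outacl is matched as well as inacl.
AVPAIR_RE = re.compile(
    r'Cisco AVpair\s+\[1\]\s+\d+\s+'
    r'"ip:(?P<dir>inacl|outacl)#(?P<seq>\d+)=(?P<rule>[^"]*)"'
)

# Lines copied from the debug output in the post (addresses masked there).
SAMPLE_DEBUG = """\
Jul 9 09:22:06.707: RADIUS: Session-Timeout [27] 6 360000
Jul 9 09:22:06.707: RADIUS: Vendor, Cisco [26] 58
Jul 9 09:22:06.707: RADIUS: Cisco AVpair [1] 52 "ip:inacl#1= permit icmp any host 81.x.xxx.xxx echo"
Jul 9 09:22:06.707: RADIUS: Cisco AVpair [1] 58 "ip:inacl#2= permit icmp any host 81.x.xxx.xxx echo-reply"
Jul 9 09:22:06.707: RADIUS: Cisco AVpair [1] 31 "ip:inacl#3= deny icmp any any"
"""


def parse_per_user_acl(debug_text):
    """Return {direction: [(rule_number, rule), ...]} in rule-number order."""
    acls = defaultdict(dict)
    for line in debug_text.splitlines():
        m = AVPAIR_RE.search(line)
        if not m:
            continue
        seq = int(m.group("seq"))
        if seq in acls[m.group("dir")]:
            raise ValueError(f"rule number {seq} received twice")
        # Collapse whitespace so "#1= permit" and "#1=permit" compare equal.
        acls[m.group("dir")][seq] = " ".join(m.group("rule").split())
    return {d: sorted(rules.items()) for d, rules in acls.items()}


def diff_acl(received, expected):
    """Return (rule_number, expected_rule, received_rule) for every mismatch."""
    got, want = dict(received), dict(expected)
    return [(n, want.get(n), got.get(n))
            for n in sorted(set(got) | set(want)) if got.get(n) != want.get(n)]


if __name__ == "__main__":
    received = parse_per_user_acl(SAMPLE_DEBUG)["inacl"]
    # Constructed expectation: the two rules from the quoted reply.
    expected = [(1, "deny tcp any any eq 25"), (2, "permit ip any any")]
    for n, want, got in diff_acl(received, expected):
        print(f"#{n}: configured={want!r} received={got!r}")
```

An empty diff means the router received exactly the rule set the server was configured to send.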