ISGv2 Control policies: различия между версиями
Материал из noname.com.ua
Перейти к навигацииПерейти к поискуSirmax (обсуждение | вклад) (Новая страница: «=Control policies=») |
Sirmax (обсуждение | вклад) |
||
| Строка 1: | Строка 1: | ||
| + | [[Категория:ISG]] |
||
| + | [[Категория:Networking]] |
||
| + | [[Категория:Cisco]] |
||
| + | |||
=Control policies= |
=Control policies= |
||
| + | Политики управляют всей логикой |
||
| + | |||
| + | =1= |
||
| + | Ч |
||
| + | <PRE> |
||
| + | policy-map type control ISG-CUSTOMERS-POLICY |
||
| + | class type control ISG-IP-UNAUTH event timed-policy-expiry |
||
| + | 1 service disconnect |
||
| + | ! |
||
| + | class type control always event session-start |
||
| + | 10 authorize aaa list AAA-LIST-ISG-AUTH password secret identifier source-ip-address |
||
| + | 20 set-timer UNAUTH-TIMER 5 |
||
| + | 30 service-policy type service name POLICY_MAP_SERVICE_ON_SESSION_START_ |
||
| + | ! |
||
| + | class type control always event session-restart |
||
| + | 10 authorize aaa list AAA-LIST-ISG-AUTH password secret identifier source-ip-address |
||
| + | 20 set-timer UNAUTH-TIMER 5 |
||
| + | 30 service-policy type service name POLICY_MAP_SERVICE_ON_SESSION_RESTART_ |
||
| + | ! |
||
| + | class type control always event service-stop |
||
| + | 1 service-policy type service unapply identifier service-name |
||
| + | 10 service-policy type service unapply identifier service-name |
||
| + | 20 log-session-state |
||
| + | ! |
||
| + | class type control always event radius-timeout |
||
| + | 20 set-timer UNAUTH-TIMER 60 |
||
| + | 30 service-policy type service name POLICY_MAP_SERVICE_ON_SESSION_RADIUS_TIMEOUT_ |
||
| + | ! |
||
| + | class type control always event access-reject |
||
| + | 20 set-timer UNAUTH-TIMER 60 |
||
| + | 30 service-policy type service name ALLOW_172_31_100_2 |
||
| + | 40 service-policy type service name ALLOW_172_31_100_3_SPEED_8k |
||
| + | 50 service-policy type service name NO_SERVICE |
||
| + | ! |
||
| + | </PRE> |
||
Версия 15:16, 9 мая 2023
Control policies
Политики управляют всей логикой
1
Ч
policy-map type control ISG-CUSTOMERS-POLICY class type control ISG-IP-UNAUTH event timed-policy-expiry 1 service disconnect ! class type control always event session-start 10 authorize aaa list AAA-LIST-ISG-AUTH password secret identifier source-ip-address 20 set-timer UNAUTH-TIMER 5 30 service-policy type service name POLICY_MAP_SERVICE_ON_SESSION_START_ ! class type control always event session-restart 10 authorize aaa list AAA-LIST-ISG-AUTH password secret identifier source-ip-address 20 set-timer UNAUTH-TIMER 5 30 service-policy type service name POLICY_MAP_SERVICE_ON_SESSION_RESTART_ ! class type control always event service-stop 1 service-policy type service unapply identifier service-name 10 service-policy type service unapply identifier service-name 20 log-session-state ! class type control always event radius-timeout 20 set-timer UNAUTH-TIMER 60 30 service-policy type service name POLICY_MAP_SERVICE_ON_SESSION_RADIUS_TIMEOUT_ ! class type control always event access-reject 20 set-timer UNAUTH-TIMER 60 30 service-policy type service name ALLOW_172_31_100_2 40 service-policy type service name ALLOW_172_31_100_3_SPEED_8k 50 service-policy type service name NO_SERVICE !
