HTTP redirection does not work on BNG (ASR9000, XR 4.3.0)
Hi all
(1) I have to do for cool subscribers redirect http . Ideally I need to redirect http only for certain users based on the response received from the RADIUS (accept/decline) or according to a RADIUS attribute. For the test I add rule 15 in my control policy-map.
If I remove 15 rule in the policy-map IPOE_POLICYMAP the session active. But if I use policy-map with 15 rule my BNG send DHCP NAK in response to the user try to re - obtain IP address. Discover/NAK-discover/NAK and so on. Session set up. Where is the problem?
without rule 15:
DHCPD PROXY: TP1908: applicant Manager called to CHADRR aaaa.bbbb.cccc with event PACKET
DHCPD PROXY: TP2483: use server response ID 213.x.x.254 for 213.x.x.211 for CHADRR aaaa.bbbb.cccc yiaddr
Article 15:
DHCPD PROXY: TP1908: applicant Manager called to CHADRR 0015.582c.96cb with the DPM_DISCONNECT event
DHCPD PROXY: TP2805: delete customer called for CHADRR 0015.582c.96cb for reason disconnected Session
DHCPD PROXY: TP1908: applicant Manager called to CHADRR 0015.582c.96cb with the PACKAGE-DROP event
(2) can I do "-http redirect" via sent VSA Avpair attributes of BNG in ACCESS-ACCEPT RADIUS? For example I have
successfully car limit through "sub-qos-policy-in/sub-qos-policy-out". It appears cisco -avpair= "url -redirect=http://...". "does not work with ASR9000.
(3) why unauthenticated session cool stay after ACCESS_ACCEPT has been received from RADIUS? It is normal for cool?
I see "sh ipsubscriber session all the detail" and "sh RADIUS.
-------
interface Bundle - Ether1.10
HOMENET description
IPv4 point-to-point
IPv4 unnumbered Loopback1
disable the ARP of learning
Subscriber control type of service-strategy IPOE_POLICYMAP
encapsulation dot1q 10
IPv4 ipsubscriber l2-connected
initiator dhcp
Subscriber control type class-map correspondence-everything DHCP_INIT
match Protocol dhcpv4
end-class-map
Subscriber control policy-map type IPOE_POLICYMAP
starting a match-all event session
class type control subscriber DHCP_INIT - until the failure
5 allow aaa list default format SUB_AUTH password cisco
10 activate dynamic-model IBSUB_TEMPLATE
15 enable dynamic-model IPSUB_UNAUTH_TEMPLATE<-->-->
dynamic model
!
type ipsubscriber IBSUB_TEMPLATE
IPv4 unnumbered Loopback1
way of 100 IPv4 access-group
group-access 100 IPv4 output
!
type ipsubscriber IPSUB_UNAUTH_TEMPLATE
type of service-strategy CPR l4_redirect
Policy-map type ACB l4_redirect
traffic of type class IPSUB_PERMIT_CLASS
transmit
!
traffic of type class HTTP_TRAF_REDIRECT_CLASS
redirect http- http://113.x.x.5
!
class type default traffic class
drop
!
end-policy-map
type of traffic IPSUB_PERMIT_CLASS all match class-map
group-access ipv4 110 match
end-class-map
!
type of class-card traffic of correspondence HTTP_TRAF_REDIRECT_CLASS
group-access ipv4 120 game
end-class-map
IPv4-access list 100
10 allow icmp a whole
allow 20 udp a whole
30 permit tcp any 113.x.x.0/24 eq www
allow 40 113.x.x.0/24 eq www a tcp
100 deny ipv4 a
!
IPv4-access list 110
10 allow icmp a whole
allow 20 udp a whole
30 permit tcp any 113.x.x.0/24 eq www
100 deny ipv4 a
!
IPv4-access list 120
30 permit tcp any any eq www
100 deny ipv4 a
---
Concerning
Oleg, another pointer, the first thing you should see, is if the ACB is actually applied to your session, like this:
RP/0/RSP0 / CPU0:BNG #show policy-map type int ACB all
Mon Oct 7 23:54:19.361 UTC
node0_0_CPU0: (null): the service policy is not installed
node0_RSP0_CPU0:
Bundle - Ether100.540.ip395 entry: HTTPRDRT_PBR
Policy name: HTTPRDRT_PBR
Class SRVS_CM
Classification statistics (packets/bytes) (maybe old 10secs)
Correspondence: 197/17039
Statistics transmitted (packets/bytes) (maybe old 10secs)
Total sent: 197/17039
Class HTTPRDRT_CM
Classification statistics (packages)
Matched : 0
HTTPR statistics (packages)
Applications received: 0
Answers: 0
Redirect drops: 0
Class class by default
Classification statistics (packets/bytes) (maybe old 10secs)
Correspondence: 1/102
Statistics dropped (packets/bytes) (maybe old 10secs)
Total has fallen: 1/102
IF you see this and it still doesn't work, then you need to take a look at your config to redirect, for my tests, I used and the ACLs that allow all traffic tcp/www. I've never denied all traffic, as you do on line 100.
Tags: Cisco Support
Similar Questions
-
FRM-10142 the http listener does not work on the name of the computer to the port 80
Hello
During the race, the oracle 12 c form a following error message
FRM-10142 the http listener does not work on the name of the computer to port 80. Please start the receiver or check your preferences of runtime.
Sandy
First, you will need to check the SST is running.
go to admin server url in your browser, click on the target icon that is left top of your admin home go to the http server and then start your ohs1.
and open your generator of forms go to the updated runtime default url like e.g. OSH, you can find your url such as http://localhost:7777 or http://localhost:7779.
your full url looks like this format http://localhost:7777/forms/frmservlet or http://localhost:7779/forms/frmservlet.
Localhost can be your default ip 127.0.0.1 or any static ip 192.0.0.10 address in this format.
-
HTTPS Post does not work in the OFA Page
Hi all
I created a Page of the OFA, by clicking on button I do next.
//--------------------------------------------------------
private static String contactService(String xmlInputString) throws Exception {}
String outputStr = null;
OutputStream outputStream = null;
try {}
URL url = new URL ("https://wwwcie.ups.com/ups.app/xml/ShipConfirm");
HttpURLConnection connection = () (HttpURLConnection) url.openConnection;
System.out.println ("Customer connection established with" + url.toString ());
Configure the HTTP POST parameters
connection.setDoOutput (true);
connection.setDoInput (true);
connection.setUseCaches (false);
outputStream = connection.getOutputStream ();
outputStream.write (xmlInputString.getBytes ());
outputStream.flush ();
outputStream.close ();
System.out.println ("Http status =" + connection.getResponseCode () + "" + connection.getResponseMessage ());
outputStr = readURLConnection (connection);
System.out.println ("Response..." + outputStr);
} catch (Exception e) {}
System.out.println ("error sending data to the server..." + e.getMessage ());
throw e;
} {Finally
If (outputStream! = null) {}
outputStream.close ();
outputStream = null;
}
}
Return outputStr;
}
//----------------------------------------------------
public static String readURLConnection (URLConnection uc) throws Exception {}
StringBuffer buffer = new StringBuffer();
BufferedReader reader = null;
try {}
reader = new BufferedReader (new InputStreamReader (uc.getInputStream ()));
Letter int = 0;
reader.readLine ();
While ((letter = reader.read ())! = - 1) {}
Letter from buffer. Append ((Char));
}
Reader.Close ();
} catch (Exception e) {}
System.out.println ("could not read from URL:" + try ());
throw e;
} {Finally
If (reader! = null) {}
Reader.Close ();
Reader = null;
}
}
Return buffer.toString ();
}
Now, when I run this JDEVELOPER local it works fine, but when when depolyed on the server, then when I click the button then page gets hanged and it does nothing.
Is there any setting I should do in APPS environment. or anyone had done the same. any help will be appreciated.
Thank you
Vijay chraibiHello
If your code works fine in JDev and it does not work on the instance, then you can trigger SR with Oracle for Ptoduct JDeveloper.
Kind regards
Out Sharma -
Printer redirection does not work in vWorkspace 8.0
Hi all
I am facing problem of printer redirection in Windows 2003 TS.
When I try to connect via RDP, then the local computer printer redirection works very well.
But when I connect Server Terminal Server via url web vworkspace then the printer is not redirection. It does not show in the printer and the camera.
Pease help me solve this problem.
We use vWorkspace 8.0 and windows server 2003 as a Terminal server server.
Thank you
Jean Claude
Redirect has not been activated.
-
FRM-10142: the HTTP listener does not work
Hello
To avoid the Frm-10142, I put this in the form designer... Edit Menu-> Preferences-> DURATION.
Give the application server URL:
?. 255.?. ? : 8889/forms90/f90servlet
some time? is the real number of the real IP. But then I again:
FRM-10142: the HTTP listener is not running... Why?
Many thanks and best regards,
Human
Published by: human Chen on May 22, 2012 12:22It is always useful to search before posting, and specifying all the steps you've tried.
Start here.
http://www.rhsmith.UMD.edu/doit/Oracle/frmrun.htm
{: ID = 223623 thread}
Kind regards
-
Mobile redirection does not work
Hello
My site is vankostudio.com. The version of the Tablet works fine and it redirects to how it is supposed to. However, the mobile version redirects at all. If you type www.vankostudio.com on a mobile device, it gives you an error message. But if you physically type www.vankostudio.com/mobile, it works. Do you know why he is not redirect?
Thank you!
Hello
Muse generates the code for the 'Phone' folder not for 'mobile', check
Have you tried to rename the name of the folder of Mobile phone and see if that fixes the problem.
-
have one before the start of the header:
owa_util. REDIRECT_URL ('f? p ='& APP_ID.:1: & APP_SESSION);
apex_application.g_unrecoverable_error: = true;
not sure if the syntax is correct
But anyway I expected not this error
the indices of anyone?Try:
owa_util. REDIRECT_URL('f?p=&APP_ID.:1:&APP_SESSION.');
Rod West
-
Layout phone redirection does not - built and hosted on Muse
Hello
I just added as a Tablet and phone to my Muse built office layout. The redirect works fine for the Tablet, but the desktop version happens on my smartphone (Android Moto X). The Web page is http://www.elegantperfection.com/ that I am hosting with Adobe so I struck just publish - I do not use to publish to FTP. The settings in the properties of the site are to redirect; not sure if there is another step, but it seems to work fine for the tablet. Any ideas as to why the redirect does not work? Thank you!
Hello
I see that you published the Business catalyst site, in this case, could you please try to re - publish the entire site again, and check if that helps?
-
Muse on BC - URL list site redirects does not
Hello. A Muse site just disappeared live on host BC.
URL redirects don't seem to work.
Do a Google search on "parkerandassociates.co.nz Amy Williamson" gives a result from the screenshot below shows the redirect that it should work, but in reality, the page is not be found at http://www.parkerandassociates.co.nz/people/amy-williamson/ . I tried several times to change the Action and also imported the Import URL redirection method and it imported successfully.
My import file was CSV and had a line for the following columns old Url compound (= / people/amy-williamson /) new URL (/ amy - williamson.html) enabled (True). I wasn't sure what to put in the column for Enabled, so I put "True", as shown below. But still the redirection does not work.
Can someone tell me where I go wrong?
See you soon
Grant
Hi Grant Senior,
Update the source of redirection of/people/amy-williamson / to /people/amy-williamson/index.html and the http://www.parkerandassociates.co.nz/people/amy-williamson/ URL should then redirect successfully. It's because BC sees the source in a directory and not a real page.
I've done this for http://www.parkerandassociates.co.nz/people/amy-williamson/ in your name and can confirm that it works now.
See you soon.
-
Internet does not work, make HTTP: error 12007 connection
* original title - error 12007 I need help! *
I have a Windows XP with Service Pack 3 internet does not work. I got tired, he works with this http://answers.microsoft.com/en-us/ie/forum/ie8-windows_other/error-12007-the-server-name-or-address-could-not/2cbfb8a8-8970-4aaf-843c-1c781dc8053f post, but when I tried it on my netbook my windows update comes out of @%SystemRoot%\system32\shell32.dll,-22580
I have an idea I have a missing or corrupted WinSock, but I'm not sure.
Diagnosis of last run time: 23/01/12-18:52:53
WinSock diagnostic
WinSock status
attmpting error information to validate the WinSock providers database: 2
error not all entries could be found in the basic services provider winsock catalog. A reboot is required.
user redirection of information in support of the appeal.
user redirection of information in support of the appeal.
Diagnosis of network adapter
Network location detection
Info
Using the Internet connection at home
Identification of network adapter
Info
Network connection: name = Wireless 3 network, device = Broadcom 802. 1 1 b/g WLAN, LAN = Media Type, type SubMedia = wireless
Info
Network connection: name = connection to the network of Local 2, device = Atheros AR8132 PCI - E Fast Ethernet Controller, Media Type = LAN, type SubMedia LAN =
Info
Connections Ethernet and wireless available, ask the user for selection
action
User input required: select network connection
Info
WiFi selected
State of the network adapter
Info
The network connection status: connected
HTTP, HTTPS, FTP Diagnostic
HTTP, HTTPS, FTP connectivity
warn
HTTP: Error 12007 connecting to www.microsoft.com: the server name or address cannot be resolved
warn
HTTPS: Error 12007 connecting to www.microsoft.com: the server name or address cannot be resolved
warn
FTP (passive): error 12007 connecting to FTP.Microsoft.com: the server name or address cannot be resolved
warn
HTTP: Error 12007 connecting to www.hotmail.com: the server name or address cannot be resolved
warn
HTTPS: Error 12007 connecting to www.passport.net: the server name or address cannot be resolved
warn
FTP (active): error 12007 connecting to FTP.Microsoft.com: the server name or address cannot be resolved
error
Could not make an HTTP connection.
error
Could not make an HTTPS connection.
error
Could not make an FTP connection.
Hello
You can refer to the suggestion provided by Divya the similar thread with a possible solution:
-
HTTPS access to the router does not work with Firefox 33.0
HTTPS access to the router Linksys wrt610n has worked so that Firefox 32.0.3 the dd - wrt software of this router is self-signed certificate with the public key RSA = 512 bits (Yes, it's too short today). From Firefox 33.0 and whose 34, 35, 36-access https does not work. It is desirable to restore https behavior as in Firefox 32.0.3 (with warning and ability to do security exception). Please see the attachment with a https query result in different versions of Firefox.
Thank you.Hello, make suggestions to the https://support.mozilla.org/en-US/questions/1038487 help in your case?
-
my browser cannot open google and facebook and other https sites that it does not open even the app store does not work, I tried to change my DNS google DNS and disable IPv6 but still no use, help PLZ!
You may have installed one or more variants of the malware "VSearch' ad-injection. Please back up all data, and then take the steps below to disable it.
Do not use any type of product, "anti-virus" or "anti-malware" on a Mac. It is never necessary for her, and relying on it for protection makes you more vulnerable to attacks, not less.
Malware is constantly evolving to work around defenses against it. This procedure works now, I know. It will not work in the future. Anyone finding this comment a couple of days or more after it was published should look for a more recent discussion, or start a new one.
Step 1
VSearch malware tries to hide by varying names of the files it installs. It regenerates itself also if you try to remove it when it is run. To remove it, you must first start in safe mode temporarily disable the malware.
Note: If FileVault is enabled in OS X 10.9 or an earlier version, or if a firmware password is defined, or if the boot volume is a software RAID, you can not do this. Ask for other instructions.
Step 2
When running in safe mode, load the web page and then triple - click on the line below to select. Copy the text to the Clipboard by pressing Control-C key combination:
/Library/LaunchDaemons
In the Finder, select
Go ▹ go to the folder...
from the menu bar and paste it into the box that opens by pressing command + V. You won't see what you pasted a newline being included. Press return.
A folder named "LaunchDaemons" can open. If this is the case, press the combination of keys command-2 to select the display of the list, if it is not already selected.
There should be a column in the update Finder window. Click this title two times to sort the content by date with the most recent at the top. Please don't skip this step. Files that belong to an instance of VSearch will have the same date of change for a few minutes, then they will be grouped together when you sort the folder this way, which makes them easy to identify.
Step 3
In the LaunchDaemons folder, there may be one or more files with the name of this form:
com Apple.something.plist
When something is a random string, without the letters, different in each case.
Note that the name consists of four words separated by dots. Typical examples are:
com Apple.builins.plist
com Apple.cereng.plist
com Apple.nysgar.plist
There may be one or more items with a name of the form:
com.something.plist
Yet once something is a random string, without meaning - not necessarily the same as that which appears in one of the other file names.
These names consist of three words separated by dots. Typical examples are:
com.semifasciaUpd.plist
com.ubuiling.plist
Sometimes there are items (usually not more than one) with the name of this form:
com.something .net - preferences.plist
This name consists of four words (the third hyphen) separated by periods. Typical example:
com.jangly .net - preferences.plist
Drag all items in the basket. You may be prompted for administrator login password.
Restart the computer and empty the trash.
Examples of legitimate files located in the same folder:
com.apple.FinalCutServer.fcsvr_ldsd.plist
com Apple.Installer.osmessagetracing.plist
com Apple.Qmaster.qmasterd.plist
com Apple.aelwriter.plist
com Apple.SERVERD.plist
com Tether.plist
The first three are clearly not VSearch files because the names do not match the above models. The last three are not easy to distinguish by the name alone, but the modification date will be earlier than the date at which VSearch has been installed, perhaps several years. None of these files will be present in most installations of Mac OS X.
Do not delete the folder 'LaunchDaemons' or anything else inside, unless you know you have another type of unwanted software and more VSearch. The file is a normal part of Mac OS X. The "demon" refers to a program that starts automatically. This is not inherently bad, but the mechanism is sometimes exploited by hackers for malicious software.
If you are not sure whether a file is part of the malware, order the contents of the folder by date modified I wrote in step 2, no name. Malicious files will be grouped together. There could be more than one such group, if you attacked more than once. A file dated far in the past is not part of the malware. A folder in date dated Middle an obviously malicious cluster is almost certainly too malicious.
If the files come back after you remove the, they are replaced by others with similar names, then either you didn't start in safe mode or you do not have all the. Return to step 1 and try again.
Step 4
Reset the home page in each of your browsers, if it has been modified. In Safari, first load the desired home page, then select
▹ Safari preferences... ▹ General
and click on
Set on the current Page
If you use Firefox or Chrome web browser, remove the extensions or add-ons that you don't know that you need. When in doubt, remove all of them.
The malware is now permanently inactivated, as long as you reinstall it never. A few small files will be left behind, but they have no effect, and trying to find all them is more trouble that it's worth.
Step 5
The malware lets the web proxy discovery in the network settings. If you know that the setting was already enabled for a reason, skip this step. Otherwise, you should undo the change.
Open the network pane in system preferences. If there is a padlock icon in the lower left corner of the window, click it and authenticate to unlock the settings. Click the Advanced button, and then select Proxies in the sheet that drops down. Uncheck that Auto Discovery Proxy if it is checked. Click OK, and then apply.
Step 6
This step is optional. Open the users and groups in the system preferences and click on the lock icon to unlock the settings. In the list of users, there may be some with random names that have been added by the malware. You can remove these users. If you are not sure whether a user is legitimate, do not delete it.
-
I keep seeing pop up ads powered by '' cn tatami '' whenever I have to navigate using Safari or open a link on the FB Adblocker app does not work for this. Any suggestions? There is no option to cross the pop-up ad that it redirects to various Web sites.
Cache and history of the site Clear settings - Safari -.
(1232)
-
(Redirected) 10 Windows touch screen does not work
I've recently updated to windows 10 and my touch screen does not work. I believe that the driver is no longer installed. Any help would be great.
Best of this post in the forum Windows 10 here:
http://en.community.Dell.com/support-forums/software-OS/f/4997
Bev.
-
(Redirected) Waves maxx audio pro does not work
Hello
recently my windows has been corrupted, so installed a new but the waves maxx audio pro does not work in my inspiron 7548. When I open audio dell there is no options there is empty
need help...
Better for this post in the Forum Audio Desktop, here:
http://en.community.Dell.com/support-forums/desktop/f/3513
Bev.
Maybe you are looking for
-
Case, but the screen is still in
Given that I've updated my iPad iOS 10.0.2, my case is no longer locks the screen to close it. The screen stays on. In my view, there is no option to activate this feature. It bother anyone else? No idea if they're going to fix this?
-
Why can't go further than level 19 to the call of the dead
I was level 22-the call of the dead (Xbox Live), then, no reason aparaent that I started at level 19, now no matter what level I can above 19 level that it keeps me level 19 is there a reason for this grace
-
For windows Vista uptadating KB958687 code of these errors occur 80246007 and 80070643. I did all the suggestions and errors are tha same. Anyone know what I need to do?
-
the sound on my windows xp needs repair
the sound on my windows xp desktop computer, sounds like pinky & perky How do I solve this problem
-
HP Pavilion dv7-1269us stopped himself turn off reboot screen black
My HP Pavilion dv7-1260us went 'pop' and turns off. I hit the power button. The LEDs (sound, WiFi, etc.) in line with the power button all came on but the screen stays black and the fan was running. I turned it off. I turned it on with the same resul