CONCENTRADOR CISCO +RECEITANET
- 📡 Como cadastrar um CONCENTRADOR CISCO no ReceitaNet
- 🧠 0.0 – RR – RADIUS RECEITANET
- 🛠️ 1.0 – Cadastro de Servidores
- 🔌 2.0 – Novo Servidor do Tipo RADIUS
- 🔒 3.0 – Servidores de Autenticação
- 📍 4.0 – Cadastrar NAS CISCO
- ⚙️ 5.0 – Controle de Velocidade (QoS)
- 🔧 6.0 – Configuração Personalizada
- 🚫 7.0 – Configuração de Bloqueio
- 📘 8.0 – Exemplo para Cisco ASR1002
- 📎 Recursos Adicionais
- ✅ Conclusão
📡 Como cadastrar um CONCENTRADOR CISCO no ReceitaNet
🧠 0.0 – RR – RADIUS RECEITANET
Saiba mais sobre o funcionamento do RADIUS ReceitaNet clicando abaixo:
🛠️ 1.0 – Cadastro de Servidores
Vá em Cadastro > Diversos servidores e clique no botão “+”.
🔌 2.0 – Novo Servidor do Tipo RADIUS
2.1 – Comunicação ReceitaNet com RADIUS
🔒 3.0 – Servidores de Autenticação
📍 4.0 – Cadastrar NAS CISCO
📄 Campos importantes:
- Nome: Identificação do equipamento
- IP do NAS: IP do Cisco liberado no RADIUS
- IP do RADIUS: Deve estar liberado no firewall do Cisco
- Senha: Senha de consulta para autenticação
⚙️ 5.0 – Controle de Velocidade (QoS)
Ajuste os atributos de velocidade conforme o equipamento Cisco.
Visualize os atributos de controle de banda ao clicar no botão “RADIUS”.
5.1 – QoS Dinâmico ❗
ATENÇÃO: O parâmetro rate-limit não é suportado em ASR1K. Utilize QoS estático.
| Comando | Descrição |
|---|---|
| lcp:interface-config=rate-limit output | Limita saída |
| lcp:interface-config=rate-limit input | Limita entrada |
5.2 – QoS Dinâmico ASR1K ❗
Cisco-AvPair = qos-policy-in=add-class(sub,(class-default), police(104857600))
Cisco-AvPair = qos-policy-out=add-class(sub,(class-default), police(104857600))
Ao Marcar Dinâmico ASR – Automaticamente o RECEITANET criará os Atributos abaixo.
Agradecimento ao Consultor Derick +55 82 9656-7029
5.3 – QoS Estático 🧩
| Comando |
|---|
| Cisco-Avpair = ip:sub-qos-policy-in=plano |
| Cisco-Avpair += ip:sub-qos-policy-out=plano |
🔧 6.0 – Configuração Personalizada
Ao clicar em RADIUS, é possível incluir ou excluir atributos de forma personalizada.
🚫 7.0 – Configuração de Bloqueio
Clientes bloqueados devem ter pools dedicados:
bloqueadoipv4bloqueadoipv6
Agradecimento ao Consultor Samuel Reis +55 11 97739-5297
📘 8.0 – Exemplo para Cisco ASR1002
10.252.252.8 = IP Servidor RADIUS
Building configuration...
Current configuration : 8946 bytes
!
! Last configuration change at 13:56:08 BRA Tue May 6 2025 by pedromedina
! NVRAM config last updated at 13:56:35 BRA Tue May 6 2025 by pedromedina
!
version 15.5
service timestamps debug datetime localtime
service timestamps log datetime localtime
no platform punt-keepalive disable-kernel-core
!
hostname BRAS-FW
!
boot-start-marker
boot-end-marker
!
vrf definition Mgmt-intf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
aaa new-model
!
aaa group server radius RADIUS-PPPOE
server name NAS-PPPOE
ip radius source-interface TenGigabitEthernet0/1/0.101
!
aaa authentication login default local
aaa authentication login ssh local
aaa authentication ppp default group radius local
aaa authorization console
aaa authorization config-commands
aaa authorization exec default local
aaa authorization network default group radius
aaa authorization subscriber-service default local group radius
aaa accounting delay-start all
aaa accounting session-duration ntp-adjusted
aaa accounting update periodic 10
aaa accounting include auth-profile framed-ip-address
aaa accounting include auth-profile framed-ipv6-prefix
aaa accounting include auth-profile delegated-ipv6-prefix
aaa accounting exec default start-stop group radius
aaa accounting network default start-stop group radius
aaa accounting system default start-stop group radius
!
aaa server radius dynamic-author
client 10.252.252.8 server-key TSElDvYOMQ4Kv
port 3799
auth-type any
ignore session-key
ignore server-key
!
aaa session-id common
aaa policy interface-config allow-subinterface
ppp packet throttle 100 10 160
clock timezone BRA -4 0
!
no ip domain lookup
ip domain name fwnetwork.local
!
login on-success log
!
subscriber service multiple-accept
subscriber service session-accounting
subscriber access pppoe pre-authorize nas-port-id default
subscriber templating
!
multilink bundle-name authenticated
!
spanning-tree extend system-id
!
username suporte privilege 15 secret 5 $1$31Hj$2/FSGKKDgtBNorJ/UH1
!
redundancy
mode none
!
policy-map OUT-PADRAO
class class-default
police cir 2000000000
conform-action transmit
exceed-action drop
policy-map IN-PADRAO
class class-default
police cir 2000000000
conform-action transmit
exceed-action drop
!
bba-group pppoe bras-fw
virtual-template 1
vendor-tag circuit-id service
sessions per-mac limit 1
sessions per-vlan limit 64000 inner 64000
sessions auto cleanup
pado delay 0
!
interface Loopback0
ip address 10.99.99.1 255.255.255.255
!
interface GigabitEthernet0/0/0
ip address 172.16.0.1 255.255.255.252
no negotiation auto
pppoe enable group bras-fw
!
interface GigabitEthernet0/0/1
no ip address
negotiation auto
!
interface GigabitEthernet0/0/2
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet0/0/3
no ip address
shutdown
negotiation auto
!
interface TenGigabitEthernet0/1/0
no ip address
!
interface TenGigabitEthernet0/1/0.101
description UPLINK-CCR2004
encapsulation dot1Q 101
ip address 10.252.252.14 255.255.255.240
!
interface TenGigabitEthernet0/1/0.102
description TESTE-PPPOE
encapsulation dot1Q 102
pppoe enable group bras-fw
!
interface GigabitEthernet0/2/0
no ip address
negotiation auto
!
interface GigabitEthernet0/2/1
no ip address
negotiation auto
!
interface GigabitEthernet0/2/1.100
description GERENCIA-CISCO-BNG
encapsulation dot1Q 100
ip address 172.16.16.1 255.255.255.252
!
interface GigabitEthernet0/2/2
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet0/2/3
description TESTE
no ip address
negotiation auto
ipv6 enable
pppoe enable group bras-fw
!
interface GigabitEthernet0/2/4
no ip address
shutdown
negotiation auto
!
interface TenGigabitEthernet0/3/0
no ip address
!
interface TenGigabitEthernet0/3/0.3001
encapsulation dot1Q 3001
pppoe enable group bras-fw
!
interface TenGigabitEthernet0/3/0.3002
encapsulation dot1Q 3002
pppoe enable group bras-fw
!
interface TenGigabitEthernet0/3/0.3003
encapsulation dot1Q 3003
pppoe enable group bras-fw
!
interface TenGigabitEthernet0/3/0.3004
encapsulation dot1Q 3004
pppoe enable group bras-fw
!
interface TenGigabitEthernet0/3/0.3005
encapsulation dot1Q 3005
pppoe enable group bras-fw
!
interface TenGigabitEthernet0/3/0.3006
encapsulation dot1Q 3006
pppoe enable group bras-fw
!
interface TenGigabitEthernet0/3/0.3007
encapsulation dot1Q 3007
pppoe enable group bras-fw
!
interface TenGigabitEthernet0/3/0.3008
encapsulation dot1Q 3008
pppoe enable group bras-fw
!
interface TenGigabitEthernet0/3/0.3009
encapsulation dot1Q 3009
pppoe enable group bras-fw
!
interface TenGigabitEthernet0/3/0.3010
encapsulation dot1Q 3010
pppoe enable group bras-fw
!
interface TenGigabitEthernet0/3/0.3011
encapsulation dot1Q 3011
pppoe enable group bras-fw
!
interface TenGigabitEthernet0/3/0.3012
encapsulation dot1Q 3012
pppoe enable group bras-fw
!
interface TenGigabitEthernet0/3/0.3013
encapsulation dot1Q 3013
pppoe enable group bras-fw
!
interface TenGigabitEthernet0/3/0.3014
encapsulation dot1Q 3014
pppoe enable group bras-fw
!
interface TenGigabitEthernet0/3/0.3015
encapsulation dot1Q 3015
pppoe enable group bras-fw
!
interface TenGigabitEthernet0/3/0.3016
encapsulation dot1Q 3016
pppoe enable group bras-fw
!
interface TenGigabitEthernet0/3/0.3017
encapsulation dot1Q 3017
pppoe enable group bras-fw
!
interface TenGigabitEthernet0/3/0.3018
encapsulation dot1Q 3018
pppoe enable group bras-fw
!
interface GigabitEthernet0
vrf forwarding Mgmt-intf
no ip address
shutdown
negotiation auto
!
interface Virtual-Template1
mtu 1492
ip unnumbered Loopback0
no ip redirects
no ip unreachables
no ip proxy-arp
ip verify unicast source reachable-via rx
ip tcp adjust-mss 1452
no logging event link-status
peer default ip address pool pool-nat-1
keepalive 20 3
ppp authentication pap chap RADIUS-PPPOE
ppp authorization RADIUS-PPPOE
ppp accounting RADIUS-PPPOE
ppp ipcp dns 1.1.1.1 8.8.8.8
ppp ipcp ignore-map
ppp ipcp address required
ppp ipcp address unique
ppp link reorders
service-policy input IN-PADRAO
service-policy output OUT-PADRAO
ip virtual-reassembly
!
ip local pool pool-nat-1 100.64.0.2 100.64.3.255
ip local pool bloqueadoipv4 172.20.0.1 172.20.3.255
ip forward-protocol nd
!
no ip http server
no ip http secure-server
ip tftp source-interface GigabitEthernet0
ip route 0.0.0.0 0.0.0.0 10.252.252.1 name ROUTE-DEFAULT
ip ssh port 8022 rotary 1
ip ssh source-interface GigabitEthernet0/2/1.100
ip ssh version 2
!
snmp-server community cisco
snmp-server source-interface informs TenGigabitEthernet0/1/0.101
snmp-server location Manaus
snmp-server contact suporte@suporte.com.br
snmp mib expression owner cgnat name pool
expression 0
snmp mib expression owner cgnat name total
expression 0
!
radius-server attribute 44 include-in-access-req default-vrf
no radius-server attribute 77 include-in-acct-req
no radius-server attribute 77 include-in-access-req
radius-server attribute 6 on-for-login-auth
radius-server attribute 6 support-multiple
radius-server attribute 8 include-in-access-req
radius-server attribute 32 include-in-access-req
radius-server attribute 32 include-in-accounting-req
radius-server attribute 55 include-in-acct-req
radius-server attribute 55 access-request include
radius-server attribute 25 access-request include
radius-server attribute nas-port format d
radius-server attribute 31 mac format ietf upper-case
radius-server attribute 31 send nas-port-detail mac-only
radius-server attribute 31 remote-id
radius-server attribute nas-port-id include circuit-id
radius-server source-ports extended
radius-server retransmit 6
radius-server timeout 30
radius-server deadtime 1
radius-server unique-ident 42
radius-server authorization default Framed-Protocol ppp
radius-server vsa send cisco-nas-port
!
radius server RADIUS-PPPOE
address ipv4 10.252.252.8 auth-port 1812 acct-port 1813
timeout 30
retransmit 5
key TSElDvYOMQ4Kv
!
control-plane
!
call admission new-model
call admission limit 1500
call admission cpu-limit 80
call admission vpdn 10 1
call admission pppoe 10 1
call admission pppoa 10 1
call admission ip 10 1
!
line con 0
privilege level 15
transport preferred none
stopbits 1
line aux 0
transport preferred none
stopbits 1
line vty 0 4
privilege level 15
password 7 040B060806171D5D000C0856
transport preferred none
transport input telnet ssh
line vty 5 15
password 7 08714140002F54041B1E0145
transport preferred none
transport input telnet ssh
!
ntp server 200.160.0.8
!
end
BRAS-FW#
! Salvar configurações
write memoryAgradecimento ao Consultor Cisco Pedro Medina +55 92 8258-1204
Agradecimento ao Consultor Cisco – Keslley Kledston +55 92 9188-2864
📎 Recursos Adicionais
RADIUS – ACESSO REMOTO A CLIENTES + EQUIPAMENTOS DE REDE EXTERNO
EMERGÊNCIA – COMO AUTENTICAR OS CLIENTES RÁPIDO? RECEITANET RADIUS CORINGA
✅ Conclusão
✅ Pronto! Integração CISCO com ReceitaNet realizada com sucesso!
🚀 Equipe ReceitaNet – Sempre trabalhando para o seu Crescimento!
🔔 Inscreva-se no Canal do YouTube da ReceitaNet e deixe o seu LIKE 👍
