(RADIATOR) A SOLUTION: Session check for Cisco ISDN users
Vangelis Kyriakakis
vkyriak at forthnet.gr
Fri Nov 1 03:45:33 CST 2002
Our solution to this problem is to make an snmpwalk to another SNMP variable and then grep the result for the username. This works perfectly for Simultaneous-Use=1 but not for more since it always checks with the first occurence of the username in the snmpwalk output
Vangelis
Hugh Irvine wrote:
> Hello Utku -
>
> Please send the code (a "diff -c ..." preferably) to Mike and we will take a look.
>
> I have also been working an a different approach with another customer, and I should be posting something soon.
>
> regards
>
> Hugh
>
> On Friday, November 1, 2002, at 05:14 AM, Utku Er wrote:
>
> Hi everyone,
>
> This is discussed on this list before... We have problems getting information with snmp on ISDN users from the Cisco access servers. RADIATOR can doublecheck the session table entries when needed from the Cisco NAS with SNMP for the ASYNC users. RADIATOR uses the SNMP request of ".iso.org.dod.internet.private.enterprises.9.2.9.2.1.18.NASPORT" to get the username connected to that port.
>
> However, when RADIATOR tries to doublecheck the NAS for the ISDN users, this SNMP request is not working. Since radiator cannot verify this user is still connected, session check problems occur... Like discussed in http://www.open.com.au/archives/radiator/2000-02/msg00246.html and in many of the others.
>
> I contacted TAC and they've said it's not possible to get this username/nasport relation via SNMP for the ISDN users. Since we agree on they cannot provide it (maybe they'll do it in later IOS releases) I alter the radiator source a little and create my solution.
>
> Cisco ISDN nas_port are structured like 2XXYY in the start record. I guess this means SerialXX:YY. I altered /usr/lib/perl5/site_perl/5.6.0/Radius/Nas/Cisco.pm to finger to NAS if NAS-Port is higher than 20000 and use the normal snmp procedure for the other users. This procedure searches "SeXX:YY username" in this finger output. (of course XX and YY can be zero or include zero and username is printed only 10 characters)
>
> This is working quite well and ISDN users cannot connect more than their simultaneous-use allow them to. I can send this updated Cisco.pm code if writer or Open System Consultants allow me to.
>
> regards,
>
> Utku Er
> http://www.utkuer.com
>
> NB: I am travelling this week, so there may be delays in our correspondence.
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list