(RADIATOR) A SOLUTION: Session check for Cisco ISDN users
Utku Er
erutku at netone.net.tr
Thu Oct 31 12:14:10 CST 2002
Hi everyone,
This is discussed on this list before... We have problems getting information with snmp on ISDN users from the Cisco access servers. RADIATOR can doublecheck the session table entries when needed from the Cisco NAS with SNMP for the ASYNC users. RADIATOR uses the SNMP request of ".iso.org.dod.internet.private.enterprises.9.2.9.2.1.18.NASPORT" to get the username connected to that port.
However, when RADIATOR tries to doublecheck the NAS for the ISDN users, this SNMP request is not working. Since radiator cannot verify this user is still connected, session check problems occur... Like discussed in http://www.open.com.au/archives/radiator/2000-02/msg00246.html and in many of the others.
I contacted TAC and they've said it's not possible to get this username/nasport relation via SNMP for the ISDN users. Since we agree on they cannot provide it (maybe they'll do it in later IOS releases) I alter the radiator source a little and create my solution.
Cisco ISDN nas_port are structured like 2XXYY in the start record. I guess this means SerialXX:YY. I altered /usr/lib/perl5/site_perl/5.6.0/Radius/Nas/Cisco.pm to finger to NAS if NAS-Port is higher than 20000 and use the normal snmp procedure for the other users. This procedure searches "SeXX:YY username" in this finger output. (of course XX and YY can be zero or include zero and username is printed only 10 characters)
This is working quite well and ISDN users cannot connect more than their simultaneous-use allow them to. I can send this updated Cisco.pm code if writer or Open System Consultants allow me to.
regards,
Utku Er
http://www.utkuer.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.open.com.au/pipermail/radiator/attachments/20021031/096bea82/attachment.html>
More information about the radiator
mailing list