(RADIATOR) Rate-limit if user downloads exceed nMb in given Month.
Michael Bellears
mbellears at staff.datafx.com.au
Thu Apr 27 18:52:16 CDT 2006
>
> Damnit, I was missing the aaa pod server!
>
> Getting back to rate-limits, I would also total the inbound
> octets and update the users profile with av-pairs. I was also
> considering using the change-filter-request to apply limits
> rather than disconnecting to initially apply the filter. For
> each subsequent connection the limits would be applied
> through the av-pairs.
Certainly sounds feasible.
I have decided to not just update users profile with av-pairs, but
rather have a "64k" profile, which includes the service-policy(I'm using
service-policy in place of rate-limit now) av-pairs etc - Far easier to
apply to clients profile.....then at months end, I will run a script
that re-applies the clients original profile.
Initial testing looking promising..
>
> > >
> > > Hi Michael,
> > >
> > > I have tried both "Change-Filter-Request" and
> "Disconnect-Request"
> > > with a Cisco 3600 (IOS 12.3) using 'radpwtst' on vpdn
> PPTP sessions.
> > > The Cisco does ACK the request but then does nothing. I would be
> > > interested to know if you get different results. Apart
> from that I
> > > would probably use rate-limits with scripts as you outlined.
> > > Otherwise the only other way I can think of is to use
> > > virtual-templates.
> >
> > Im running 12.4 on a Cisco 1801 for testing pppoe
> connections.....so
> > your mileage may vary.
> >
> > Just been playing with radpwtst(Talking directly to NAS),
> and found a
> > way to successfully boot a user:
> >
> > Cisco component(Be sure to use "any" as default is "all" which will
> > require you to match all four key attributes (user-name,
> > framed-IP-address, session-ID, and session-key - I am only
> interested
> > in matching User-Name):
> >
> > aaa pod server auth-type any server-key xxxxxx
> >
> > Then, radpwtst:
> >
> > perl radpwtst -s xxx.xxx.xxx.xxx -auth_port 1700 -acct_port 1700
> > -noauth -noacct -secret xxxxxx -code Disconnect-Request
> > User-Name=test3 at foo.com -trace 5
> >
> >
> > NB trace 5 only there for debugging...Debug aaa pod is quite handy
> > also on the cisco...
> >
> >
> >
> >
> > >
> > > -- Andrew
> > >
> > > > -----Original Message-----
> > > > From: owner-radiator at open.com.au
> > > [mailto:owner-radiator at open.com.au]
> > > > On Behalf Of Michael Bellears
> > > > Sent: Thursday, 27 April 2006 1:50 PM
> > > > To: radiator at open.com.au
> > > > Subject: (RADIATOR) Rate-limit if user downloads exceed nMb
> > > in given
> > > > Month.
> > > >
> > > > I know the above is possible, just wondering the best way
> > > to implement?
> > > > (Cisco NAS)
> > > >
> > > > - Run script every night that totals users inbound
> octets(From SQL
> > > > Dbase), and if octets exceed n, update users profile with
> > > cisco-avpair
> > > > rate-limit, use radpwtst (Or snmp?) to send NAS a
> > > Disconnect-Request
> > > > for that user, user re-auths, and new rate-limit is applied.
> > > >
> > > > Then at the end of each month, reset all users profiles
> to correct
> > > > speed limit.
> > > >
> > > > Is the above a workable solution?
> > > >
> > > > Regards,
> > > > MB
> > > >
> > > > --
> > > > Archive at http://www.open.com.au/archives/radiator/
> > > > Announcements on radiator-announce at open.com.au To
> > > unsubscribe, email
> > > > 'majordomo at open.com.au' with 'unsubscribe radiator' in the
> > > body of the
> > > > message.
> > >
> > >
> > >
> > > --
> > > Archive at http://www.open.com.au/archives/radiator/
> > > Announcements on radiator-announce at open.com.au To
> unsubscribe, email
> > > 'majordomo at open.com.au' with 'unsubscribe radiator' in
> the body of
> > > the message.
> > >
> >
> > --
> > Archive at http://www.open.com.au/archives/radiator/
> > Announcements on radiator-announce at open.com.au To
> unsubscribe, email
> > 'majordomo at open.com.au' with 'unsubscribe radiator' in the
> body of the
> > message.
>
>
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au To
> unsubscribe, email 'majordomo at open.com.au' with 'unsubscribe
> radiator' in the body of the message.
>
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list