(RADIATOR) Rate-limit if user downloads exceed nMb in given Month.
Claudio Lapidus
clapidus at gmail.com
Thu Apr 27 21:52:17 CDT 2006
Your script is certainly the way I would go, but if you want to
account for download volume, make sure you watch Acct-Output-Octets,
not "inbound". Also consider Acct-Output-Gigawords, to prevent counter
wrap-around at 4GB.
hth
cl.
On 4/27/06, Michael Bellears <mbellears at staff.datafx.com.au> wrote:
> >
> > Damnit, I was missing the aaa pod server!
> >
> > Getting back to rate-limits, I would also total the inbound
> > octets and update the users profile with av-pairs. I was also
> > considering using the change-filter-request to apply limits
> > rather than disconnecting to initially apply the filter. For
> > each subsequent connection the limits would be applied
> > through the av-pairs.
>
> Certainly sounds feasible.
>
> I have decided to not just update users profile with av-pairs, but
> rather have a "64k" profile, which includes the service-policy(I'm using
> service-policy in place of rate-limit now) av-pairs etc - Far easier to
> apply to clients profile.....then at months end, I will run a script
> that re-applies the clients original profile.
>
> Initial testing looking promising..
>
> >
> > > >
> > > > Hi Michael,
> > > >
> > > > I have tried both "Change-Filter-Request" and
> > "Disconnect-Request"
> > > > with a Cisco 3600 (IOS 12.3) using 'radpwtst' on vpdn
> > PPTP sessions.
> > > > The Cisco does ACK the request but then does nothing. I would be
> > > > interested to know if you get different results. Apart
> > from that I
> > > > would probably use rate-limits with scripts as you outlined.
> > > > Otherwise the only other way I can think of is to use
> > > > virtual-templates.
> > >
> > > Im running 12.4 on a Cisco 1801 for testing pppoe
> > connections.....so
> > > your mileage may vary.
> > >
> > > Just been playing with radpwtst(Talking directly to NAS),
> > and found a
> > > way to successfully boot a user:
> > >
> > > Cisco component(Be sure to use "any" as default is "all" which will
> > > require you to match all four key attributes (user-name,
> > > framed-IP-address, session-ID, and session-key - I am only
> > interested
> > > in matching User-Name):
> > >
> > > aaa pod server auth-type any server-key xxxxxx
> > >
> > > Then, radpwtst:
> > >
> > > perl radpwtst -s xxx.xxx.xxx.xxx -auth_port 1700 -acct_port 1700
> > > -noauth -noacct -secret xxxxxx -code Disconnect-Request
> > > User-Name=test3 at foo.com -trace 5
> > >
> > >
> > > NB trace 5 only there for debugging...Debug aaa pod is quite handy
> > > also on the cisco...
> > >
> > >
> > >
> > >
> > > >
> > > > -- Andrew
> > > >
> > > > > -----Original Message-----
> > > > > From: owner-radiator at open.com.au
> > > > [mailto:owner-radiator at open.com.au]
> > > > > On Behalf Of Michael Bellears
> > > > > Sent: Thursday, 27 April 2006 1:50 PM
> > > > > To: radiator at open.com.au
> > > > > Subject: (RADIATOR) Rate-limit if user downloads exceed nMb
> > > > in given
> > > > > Month.
> > > > >
> > > > > I know the above is possible, just wondering the best way
> > > > to implement?
> > > > > (Cisco NAS)
> > > > >
> > > > > - Run script every night that totals users inbound
> > octets(From SQL
> > > > > Dbase), and if octets exceed n, update users profile with
> > > > cisco-avpair
> > > > > rate-limit, use radpwtst (Or snmp?) to send NAS a
> > > > Disconnect-Request
> > > > > for that user, user re-auths, and new rate-limit is applied.
> > > > >
> > > > > Then at the end of each month, reset all users profiles
> > to correct
> > > > > speed limit.
> > > > >
> > > > > Is the above a workable solution?
> > > > >
> > > > > Regards,
> > > > > MB
> > > > >
> > > > > --
> > > > > Archive at http://www.open.com.au/archives/radiator/
> > > > > Announcements on radiator-announce at open.com.au To
> > > > unsubscribe, email
> > > > > 'majordomo at open.com.au' with 'unsubscribe radiator' in the
> > > > body of the
> > > > > message.
> > > >
> > > >
> > > >
> > > > --
> > > > Archive at http://www.open.com.au/archives/radiator/
> > > > Announcements on radiator-announce at open.com.au To
> > unsubscribe, email
> > > > 'majordomo at open.com.au' with 'unsubscribe radiator' in
> > the body of
> > > > the message.
> > > >
> > >
> > > --
> > > Archive at http://www.open.com.au/archives/radiator/
> > > Announcements on radiator-announce at open.com.au To
> > unsubscribe, email
> > > 'majordomo at open.com.au' with 'unsubscribe radiator' in the
> > body of the
> > > message.
> >
> >
> >
> > --
> > Archive at http://www.open.com.au/archives/radiator/
> > Announcements on radiator-announce at open.com.au To
> > unsubscribe, email 'majordomo at open.com.au' with 'unsubscribe
> > radiator' in the body of the message.
> >
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list