(RADIATOR) Rate-limit if user downloads exceed nMb in given Month.

Michael Bellears mbellears at staff.datafx.com.au
Fri Apr 28 02:03:29 CDT 2006


> 
> I would like to use service policies as well and am still 
> testing what can be achieved. As far as I knew Cisco only 
> allows shaping on outbound traffic, but I haven't determined 
> what Cisco classifies as outbound traffic when applied to 
> PPPoE terminated sessions. 

I am using the following (Tested successfully) in my 64k service policy:

lcp:interface-config#1=service-policy input 64K
lcp:interface-config#2=service-policy output 64K 

With policy-map 64K configured on Cisco.


> 
> > >
> > > Damnit, I was missing the aaa pod server!
> > >
> > > Getting back to rate-limits, I would also total the 
> inbound octets 
> > > and update the users profile with av-pairs. I was also 
> considering 
> > > using the change-filter-request to apply limits rather than 
> > > disconnecting to initially apply the filter. For each subsequent 
> > > connection the limits would be applied through the av-pairs.
> > 
> > Certainly sounds feasible.
> > 
> > I have decided to not just update users profile with av-pairs, but 
> > rather have a "64k" profile, which includes the service-policy(I'm 
> > using service-policy in place of rate-limit now) av-pairs etc - Far 
> > easier to apply to clients profile.....then at months end, 
> I will run 
> > a script that re-applies the clients original profile.
> > 
> > Initial testing looking promising..
> > 
> > >
> > > > >
> > > > > Hi Michael,
> > > > >
> > > > > I have tried both "Change-Filter-Request" and
> > > "Disconnect-Request"
> > > > > with a Cisco 3600 (IOS 12.3) using 'radpwtst' on vpdn
> > > PPTP sessions.
> > > > > The Cisco does ACK the request but then does nothing. 
> I would be 
> > > > > interested to know if you get different results. Apart
> > > from that I
> > > > > would probably use rate-limits with scripts as you outlined.
> > > > > Otherwise the only other way I can think of is to use 
> > > > > virtual-templates.
> > > >
> > > > Im running 12.4 on a Cisco 1801 for testing pppoe
> > > connections.....so
> > > > your mileage may vary.
> > > >
> > > > Just been playing with radpwtst(Talking directly to NAS),
> > > and found a
> > > > way to successfully boot a user:
> > > >
> > > > Cisco component(Be sure to use "any" as default is "all" which 
> > > > will require you to match all four key attributes (user-name, 
> > > > framed-IP-address, session-ID, and session-key - I am only
> > > interested
> > > > in matching User-Name):
> > > >
> > > > aaa pod server auth-type any server-key xxxxxx
> > > >
> > > > Then, radpwtst:
> > > >
> > > > perl radpwtst -s xxx.xxx.xxx.xxx -auth_port 1700 
> -acct_port 1700 
> > > > -noauth -noacct -secret xxxxxx -code Disconnect-Request 
> > > > User-Name=test3 at foo.com -trace 5
> > > >
> > > >
> > > > NB trace 5 only there for debugging...Debug aaa pod is 
> quite handy 
> > > > also on the cisco...
> > > >
> > > >
> > > >
> > > >
> > > > >
> > > > > -- Andrew
> > > > >
> > > > > > -----Original Message-----
> > > > > > From: owner-radiator at open.com.au
> > > > > [mailto:owner-radiator at open.com.au]
> > > > > > On Behalf Of Michael Bellears
> > > > > > Sent: Thursday, 27 April 2006 1:50 PM
> > > > > > To: radiator at open.com.au
> > > > > > Subject: (RADIATOR) Rate-limit if user downloads exceed nMb
> > > > > in given
> > > > > > Month.
> > > > > >
> > > > > > I know the above is possible, just wondering the best way
> > > > > to implement?
> > > > > > (Cisco NAS)
> > > > > >
> > > > > > - Run script every night that totals users inbound
> > > octets(From SQL
> > > > > > Dbase), and if octets exceed n, update users profile with
> > > > > cisco-avpair
> > > > > > rate-limit, use radpwtst (Or snmp?) to send NAS a
> > > > > Disconnect-Request
> > > > > > for that user, user re-auths, and new rate-limit is applied.
> > > > > >
> > > > > > Then at the end of each month, reset all users profiles
> > > to correct
> > > > > > speed limit.
> > > > > >
> > > > > > Is the above a workable solution?
> > > > > >
> > > > > > Regards,
> > > > > > MB
> > > > > >
> > > > > > --
> > > > > > Archive at http://www.open.com.au/archives/radiator/
> > > > > > Announcements on radiator-announce at open.com.au To
> > > > > unsubscribe, email
> > > > > > 'majordomo at open.com.au' with 'unsubscribe radiator' in the
> > > > > body of the
> > > > > > message.
> > > > >
> > > > >
> > > > >
> > > > > --
> > > > > Archive at http://www.open.com.au/archives/radiator/
> > > > > Announcements on radiator-announce at open.com.au To
> > > unsubscribe, email
> > > > > 'majordomo at open.com.au' with 'unsubscribe radiator' in
> > > the body of
> > > > > the message.
> > > > >
> > > >
> > > > --
> > > > Archive at http://www.open.com.au/archives/radiator/
> > > > Announcements on radiator-announce at open.com.au To
> > > unsubscribe, email
> > > > 'majordomo at open.com.au' with 'unsubscribe radiator' in the
> > > body of the
> > > > message.
> > >
> > >
> > >
> > > --
> > > Archive at http://www.open.com.au/archives/radiator/
> > > Announcements on radiator-announce at open.com.au To 
> unsubscribe, email 
> > > 'majordomo at open.com.au' with 'unsubscribe radiator' in 
> the body of 
> > > the message.
> > >
> > 
> > --
> > Archive at http://www.open.com.au/archives/radiator/
> > Announcements on radiator-announce at open.com.au To 
> unsubscribe, email 
> > 'majordomo at open.com.au' with 'unsubscribe radiator' in the 
> body of the 
> > message.
> 
> 
> 
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au To 
> unsubscribe, email 'majordomo at open.com.au' with 'unsubscribe 
> radiator' in the body of the message.
> 

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list