On Tue, Nov 13, 2007 at 10:03:16AM +0100, Olaf Baumert wrote:
> 
> To not let new sessions come online, you may use a domain-map with
> user override to a user which doesn't authorize.
> 
> like
> aaa domain-map some-domain.tld
>  override-user name foo password bar
> 
> This shouldn't affect active sessions, but won't let any new ones come
> active.

Interesting idea, thanks.

However, from my point of view (not tested it yet), that solution
is not acceptable in real life - instead of simply 'dropping' incoming
pppoe packets it will try to set up ppp and authenticate the user - and, as
a result of username remapping, authentication will fail...
And a user who received an 'Authentication failed' response will call
support and cry....
Simply shutting down the pppoe interface (forcing users to reconnect
to another bras after keepalive timeout) looks better - did it this
morning and got three calls to support from ~500 users disconnected.

Or have I missed something?

_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
