Re: Limit users traffic quota via radius
This is not correct. You may use SNMP, or you may use a RADIUS Change of Authority/Packet of Disconnect request... Regards Peter On Wed 19 Sep 2007, Willie Yeo wrote: You need SNMP to disconnect the link, not Radius. The only other way I can think of is that, if you can use an external program/script to check the quota from your accounting records, and then if that quota is reached, then send the program sends to SNMP to disconnect the user. On 18/09/2007, at 6:34 PM, Massimiliano Macrì wrote: I'm trying to close the connection of a pre-paid mobile user, after he reached a limited amount of traffic (ie. 100 megabytes), the network device is a Cisco router. I've found may way to rate-limit the traffic bandwidth but not one to do this. Is radius the correct way to achieve this goal? It'all about vsa? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Peter Nixon http://peternixon.net/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Limit users traffic quota via radius
Hi, so basically all I need is a RFC 3576-compliant radius server and the correct vsa specific of cisco device? What I do not understand is if : )the radius check the quota (but how and how often?) and then push the disconnect to the device, or )the device, once the user is authenticathed, get a profile and then it checks with an internal specific process (specified by a vsa), the quota, with the action after the threshold. I'm a bit confused, as snmp/script solution implies that a machine should login/check the virtual interface status and then issue a command like shutdown correct? Is thi the only way to accomplish a QoS task!? Thanks for your help, Massimiliano Peter Nixon wrote: This is not correct. You may use SNMP, or you may use a RADIUS Change of Authority/Packet of Disconnect request... Regards Peter On Wed 19 Sep 2007, Willie Yeo wrote: You need SNMP to disconnect the link, not Radius. The only other way I can think of is that, if you can use an external program/script to check the quota from your accounting records, and then if that quota is reached, then send the program sends to SNMP to disconnect the user. On 18/09/2007, at 6:34 PM, Massimiliano Macrì wrote: I'm trying to close the connection of a pre-paid mobile user, after he reached a limited amount of traffic (ie. 100 megabytes), the network device is a Cisco router. I've found may way to rate-limit the traffic bandwidth but not one to do this. Is radius the correct way to achieve this goal? It'all about vsa? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Limit users traffic quota via radius
You can tell the NAS to send accounting updates every so often (every hour for example with: aaa accounting update periodic 60 on Cisco) and calculate the amount of traffic each user has consumed with an SQL query in the Radius database. Another option is to query the NAS with SNMP. Check this to reset the user's interface with packet of disconnect: http://wiki.freeradius.org/Packet_of_Disconnect I wrote some articles about this on http://www.netexpertise.eu/en/FreeRadius/index.html A small script in shell would do what you want... David Rozé http://www.netexpertise.eu -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Massimiliano Macrì Sent: 19 September 2007 15:09 To: FreeRadius users mailing list Subject: Re: Limit users traffic quota via radius Hi, so basically all I need is a RFC 3576-compliant radius server and the correct vsa specific of cisco device? What I do not understand is if : )the radius check the quota (but how and how often?) and then push the disconnect to the device, or )the device, once the user is authenticathed, get a profile and then it checks with an internal specific process (specified by a vsa), the quota, with the action after the threshold. I'm a bit confused, as snmp/script solution implies that a machine should login/check the virtual interface status and then issue a command like shutdown correct? Is thi the only way to accomplish a QoS task!? Thanks for your help, Massimiliano Peter Nixon wrote: This is not correct. You may use SNMP, or you may use a RADIUS Change of Authority/Packet of Disconnect request... Regards Peter On Wed 19 Sep 2007, Willie Yeo wrote: You need SNMP to disconnect the link, not Radius. The only other way I can think of is that, if you can use an external program/script to check the quota from your accounting records, and then if that quota is reached, then send the program sends to SNMP to disconnect the user. On 18/09/2007, at 6:34 PM, Massimiliano Macrì wrote: I'm trying to close the connection of a pre-paid mobile user, after he reached a limited amount of traffic (ie. 100 megabytes), the network device is a Cisco router. I've found may way to rate-limit the traffic bandwidth but not one to do this. Is radius the correct way to achieve this goal? It'all about vsa? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Limit users traffic quota via radius
Hi, I'm trying to close the connection of a pre-paid mobile user, after he reached a limited amount of traffic (ie. 100 megabytes), the network device is a Cisco router. I've found may way to rate-limit the traffic bandwidth but not one to do this. Is radius the correct way to achieve this goal? It'all about vsa? Thanks all, Massimiliano - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Limit users traffic quota via radius
On 9/18/07, Massimiliano Macrì [EMAIL PROTECTED] wrote: I'm trying to close the connection of a pre-paid mobile user, after he reached a limited amount of traffic (ie. 100 megabytes), the network device is a Cisco router. I've found may way to rate-limit the traffic bandwidth but not one to do this. Is radius the correct way to achieve this goal? It'all about vsa? Radius isn't supposed to terminate anything on its own, it just takes note of a user session history and validates logins. What you should do is to find some way of telling Cisco that a particular session is to be disconnected when a certain limit is reached. If your Cisco can output real time stats AND can accept external disconnection commands, then it might be possible to implement what you want. But honestly this process should be implemented completely inside the Cisco, and then, when a disconnect triggers, your Cisco should tell Radius about it. The opposite isn't bound to happen. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Limit users traffic quota via radius
Actually if you are working with MySQL or some other SQL database server maybe you can write your own sql module that accomplishes that. I would suggest taking a look at Max-All-Session as an example. What you want to do is create a kind of sql module that will act as a counter for the traffic used by the user and perform actions based on that. Regards, Liran. On 9/18/07, inverse [EMAIL PROTECTED] wrote: On 9/18/07, Massimiliano Macrì [EMAIL PROTECTED] wrote: I'm trying to close the connection of a pre-paid mobile user, after he reached a limited amount of traffic (ie. 100 megabytes), the network device is a Cisco router. I've found may way to rate-limit the traffic bandwidth but not one to do this. Is radius the correct way to achieve this goal? It'all about vsa? Radius isn't supposed to terminate anything on its own, it just takes note of a user session history and validates logins. What you should do is to find some way of telling Cisco that a particular session is to be disconnected when a certain limit is reached. If your Cisco can output real time stats AND can accept external disconnection commands, then it might be possible to implement what you want. But honestly this process should be implemented completely inside the Cisco, and then, when a disconnect triggers, your Cisco should tell Radius about it. The opposite isn't bound to happen. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Limit users traffic quota via radius
On Tue 18 Sep 2007, Massimiliano Macrì wrote: Hi, I'm trying to close the connection of a pre-paid mobile user, after he reached a limited amount of traffic (ie. 100 megabytes), the network device is a Cisco router. I've found may way to rate-limit the traffic bandwidth but not one to do this. Is radius the correct way to achieve this goal? It'all about vsa? You could easily accomplish this with a CoA/PoD request to the cisco when the user hits whatever limit... -- Peter Nixon http://peternixon.net/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Limit users traffic quota via radius
You need SNMP to disconnect the link, not Radius. The only other way I can think of is that, if you can use an external program/script to check the quota from your accounting records, and then if that quota is reached, then send the program sends to SNMP to disconnect the user. On 18/09/2007, at 6:34 PM, Massimiliano Macrì wrote: I'm trying to close the connection of a pre-paid mobile user, after he reached a limited amount of traffic (ie. 100 megabytes), the network device is a Cisco router. I've found may way to rate-limit the traffic bandwidth but not one to do this. Is radius the correct way to achieve this goal? It'all about vsa? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
