[c-nsp] 7200 PPPoE disconnecting users

Matt Addison maddison at iquest.net
Mon Aug 22 19:38:47 EDT 2005 

Found a way in the CLI as well after poking around a bit more:
clear interface virtual-access <vi>

Where <vi> is the virt interface number. Verified that it does send
radius Accounting-Stop commands so that works perfect for us right now.
I'll keep the RADIUS packet o' death in mind in the future though for
automated/script based disconnects.

Thanks to everyone that replied on and off list.

~Matt

-----Original Message-----
From: Ryan O'Connell [mailto:ryan at complicity.co.uk] 
Sent: Monday, August 22, 2005 6:32 PM
To: Matt Addison
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] 7200 PPPoE disconnecting users

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
On 23/08/2005 00:24, Matt Addison wrote:

| Anyone know a way to disconnect PPPoE users from a 7200 configured to 
| terminate PPPoE sessions? Preferably over the console although known 
| methods using RADIUS/SNMP would also be welcomed. Not finding anything

| about doing this on Google so far...
|
| Note, this is not for automatic session/idle disconnects, looking for 
| a way the provider can initiate a disconnect of a user.
|
| Using "IOS (tm) 7200 Software (C7200-IK9S-M), Version 12.2(31), 
| RELEASE SOFTWARE (fc2)"


RADIUS "packet of death" should do this. (It's called "packet of
disconnect" in the official documentation, but I found earlier
references to "packet of death" and I think once it was officially
released rather than a hidden command it was renamed to something
acceptable.)

In the router global config, you need something like:
aaa pod server auth-type any server-key ThisIsMyKey

And from a handy server, you can then do:
echo "User-Name=<blah> | radclient <router-ip>:1700 disconnect
ThisIsMyKey

I'm using radclient from freeradius 1.0.4, I don't think there are
(m)any other RADIUS server packages that come with an appropriate RADIUS
client that can send disconnect packets although IIRC radiator might.

- --
~         Ryan O'Connell - CCIE #8174
<ryan at complicity.co.uk> - http://www.complicity.co.uk

I'm not losing my mind, no I'm not changing my lines, I'm just learning
new things with the passage of time -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
 
iD8DBQFDCmBtoaLhvISWLh0RAu3lAJ92TKZX+r/8Jv/BEV6Qx912dcnW2QCfcOc/
d0wpRtw197fKSkGKC2HEQug=
=6XDp
-----END PGP SIGNATURE-----

More information about the cisco-nsp mailing list