[cisco-bba] Per user accounting

Thomas Bridge thomas at wibble.to
Fri Jul 11 17:44:00 EDT 2003 

At 09:25 10/07/2003 -0700, Dennis Peng wrote:

>Thomas Bridge [thomas at netsource.ie] wrote:
> > We've a Cisco 7200 terminating our customer's PPPoE  and PPP over L2TP
> > connections for ADSL.   It's running 12.2(16)B
> >
> > Is there anyway internal to the router to do per user accounting -
>
>No, but I'm curious, what did you have in mind?

We have a situation where we could support up to 8000 customers before 
moving to second BAS for DSL connections.   Most of these customers are 
permanently connected, and are assigned a virtual interface.   The problem 
is, they disconnect and reconnect quite frequently (some users are home 
users for example).

As all Virtual Interfaces must have a 1:1 mapping to a username (albeit 
ones that are handled through a RADIUS server), I was thinking of something 
like an internal table that contains the amount of data that customer has 
downloaded - this is already in the router for the interface.   It would be 
like the stats gathered for a serial or ethernet interface - you could 
reset to zero if you wanted.

> > radius is not over suitable for this, as it wraps at 4GB and needs
> > the session to terminate, or constant monitoring of the radius logs,
>
>In recent IOS, we support Acct-Input/Output-Gigawords which should fix
>the 4GB wrapping issue. Also, what is unattractive about using
>periodic accounting and montioring the RADIUS logs?

While some users may log on and off, others will stay permanently 
connected.   I suppose I need to think this through - but the problem is 
that using radius will require the radius DB itself to be monitored if I'm 
looking for things like "how much has this user used this week" if he's 
been connected for the last month.

What I was really looking for is a way to find out today what my users have 
been using for the last week.   It appears, that the answer is no.   What I 
need to do is start gathering some data, but I'll have to think it through.

In the meantime, I've noticed that I didn't have "aaa accounting update 
periodic" enabled.  I've just added the command, with a time of 5 
minutes.   However, it appears my radius server does not seem to be 
handling those packets - something I need to investigate.

T.


Thomas Bridge                           tbridge at netsource.ie
Network and Systems Architect           Support phone: +353 1 4336070
Netsource                               26 Upr Fitzwilliam St., Dublin 2

More information about the cisco-bba mailing list