[cisco-bba] Disconnecting users

Andy Saykao andy.saykao at staff.netspace.net.au
Wed Nov 28 19:13:23 EST 2007


What we do is lock the customer's account via their radius profile
(don't ask me how we do this because it's done by our development team).
I think we use radiator with a oracle/SQL backend. We then get a ticket
from Finance to boot the user off, and as described by the previous
posts, we just log onto the appropriate LNS and clear the user's
respective virtual interface.

When the user tries to re-login and authenticate, radius picks up the
fact that their account is locked and tunnels them to our lns-ssg router
where they get assigned a private 172.16.x.x address and can only browse
to our online portal that advises them to pay their account :)

Here's some ssg stuff:
http://www.cisco.com/en/US/tech/tk888/tk890/tsd_technology_support_proto
col_home.html



--
 
Regards,
 
Andy 


-----Original Message-----
From: cisco-bba-bounces at puck.nether.net
[mailto:cisco-bba-bounces at puck.nether.net] On Behalf Of
cisco-bba-request at puck.nether.net
Sent: Thursday, 29 November 2007 4:00 AM
To: cisco-bba at puck.nether.net
Subject: cisco-bba Digest, Vol 53, Issue 2

Send cisco-bba mailing list submissions to
	cisco-bba at puck.nether.net

To subscribe or unsubscribe via the World Wide Web, visit
	https://puck.nether.net/mailman/listinfo/cisco-bba
or, via email, send a message with subject or body 'help' to
	cisco-bba-request at puck.nether.net

You can reach the person managing the list at
	cisco-bba-owner at puck.nether.net

When replying, please edit your Subject line so it is more specific than
"Re: Contents of cisco-bba digest..."


Today's Topics:

   1. Disconnecting users (Dermot Williams)
   2. Re: Disconnecting users (Tom Storey)
   3. Re: Disconnecting users (Jon Lewis)


----------------------------------------------------------------------

Message: 1
Date: Wed, 28 Nov 2007 12:09:04 -0000
From: "Dermot Williams" <dermot.williams at irishbroadband.ie>
Subject: [cisco-bba] Disconnecting users
To: <cisco-bba at puck.nether.net>
Message-ID:
	
<F8F202557BB3B84C9E8CDDFAA1FC3DFD01BE1BA6 at DUBMS01.irishbroadband.ie>
Content-Type: text/plain; charset="us-ascii"

Hi,

 

We need to be able to disconnect users from our LNS when they haven't
paid their bill - can anyone give me some pointers on the most effective
way to do this? 

 

I had initially thought of just changing the users password in RADIUS
but that is only effective for suspending users who switch off their
modem or disconnect regularly - customers who leave their modems logged
in all of the time may continue to receive service for months after they
have been 'suspended'.

 

The only other alternative that I can think of is to use an SNMPSET
message to clear the VI that the customer is using. This would probably
require a little script-fu but it's not insurmountable but I'd love to
know if there is a more elegant way to approach this?

 

Dermot Williams

Senior Network Engineer

Irish Broadband Internet Services Ltd.

 







This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please immediately delete it and
all copies of it from your system, destroy any hard copies of it and
notify the sender. You must not, directly or indirectly, use, disclose,
distribute, print, or copy any part of this message if you are not the
intended recipient. Irish Broadband and any of its subsidiaries each
reserve the right to monitor all e-mail communications through its
networks. Any views expressed in this message are those of the
individual sender, except where the message states otherwise and the
sender is authorized to state them to be the views of any such entity.

Irish Broadband Internet Services Ltd, Registered in Ireland, Number:
357181, Registered Office: Burton Court, Burton Hall Road, Sandyford
Industrial Estate, Dublin 18
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
https://puck.nether.net/pipermail/cisco-bba/attachments/20071128/e9d123d
5/attachment-0001.html 

------------------------------

Message: 2
Date: Wed, 28 Nov 2007 22:57:16 +1030 (CST)
From: "Tom Storey" <tom at snnap.net>
Subject: Re: [cisco-bba] Disconnecting users
To: "Dermot Williams" <dermot.williams at irishbroadband.ie>
Cc: cisco-bba at puck.nether.net
Message-ID: <63826.172.25.144.4.1196252836.squirrel at imap.snnap.net>
Content-Type: text/plain;charset=iso-8859-1

If you are good with scripting you can always login, perform a "show
users wide" filtering by username, then grab their interface name, and
"clear int x".

If youre not fussed on doing it by username, say for fear that you might
pick up another user (e.g. filtering on "bob at isp" could also pick up
"abob at isp"), you could always grab their IP address from your RADIUS
database, filter a "show users" by IP, grab the interface name, and
clear it.

Of course you can always include some sanity checks to ensure that you
havnt picked up the incorrect username, and/or handle multiple instances
of the same username that should be booted off.

Thats how I'd do it, personally :-)

Something like this shouldnt be too hard to write, I could probably whip
something up in a couple of minutes in Perl if that suits your
requirements.

Cheers,
Tom

> Hi,
>
>
>
> We need to be able to disconnect users from our LNS when they haven't 
> paid their bill - can anyone give me some pointers on the most 
> effective way to do this?
>
>
>
> I had initially thought of just changing the users password in RADIUS 
> but that is only effective for suspending users who switch off their 
> modem or disconnect regularly - customers who leave their modems 
> logged in all of the time may continue to receive service for months 
> after they have been 'suspended'.
>
>
>
> The only other alternative that I can think of is to use an SNMPSET 
> message to clear the VI that the customer is using. This would 
> probably require a little script-fu but it's not insurmountable but 
> I'd love to know if there is a more elegant way to approach this?
>
>
>
> Dermot Williams
>
> Senior Network Engineer
>
> Irish Broadband Internet Services Ltd.
>
>
>
>
>
>
>
>
>
> This message is for the named person's use only. It may contain 
> confidential, proprietary or legally privileged information. No 
> confidentiality or privilege is waived or lost by any mistransmission.

> If you receive this message in error, please immediately delete it and

> all copies of it from your system, destroy any hard copies of it and 
> notify the sender. You must not, directly or indirectly, use, 
> disclose, distribute, print, or copy any part of this message if you 
> are not the intended recipient. Irish Broadband and any of its 
> subsidiaries each reserve the right to monitor all e-mail 
> communications through its networks. Any views expressed in this 
> message are those of the individual sender, except where the message 
> states otherwise and the sender is authorized to state them to be the
views of any such entity.
>
> Irish Broadband Internet Services Ltd, Registered in Ireland, Number:
> 357181, Registered Office: Burton Court, Burton Hall Road, Sandyford 
> Industrial Estate, Dublin 18 
> _______________________________________________
> cisco-bba mailing list
> cisco-bba at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-bba



------------------------------

Message: 3
Date: Wed, 28 Nov 2007 07:54:49 -0500 (EST)
From: Jon Lewis <jlewis at lewis.org>
Subject: Re: [cisco-bba] Disconnecting users
To: Dermot Williams <dermot.williams at irishbroadband.ie>
Cc: cisco-bba at puck.nether.net
Message-ID: <Pine.LNX.4.61.0711280753510.3306 at soloth.lewis.org>
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed

On Wed, 28 Nov 2007, Dermot Williams wrote:

> We need to be able to disconnect users from our LNS when they haven't 
> paid their bill - can anyone give me some pointers on the most 
> effective way to do this?

Lock their passwd and search for RADIUS Packet of Disconnect (or radius
pod).

----------------------------------------------------------------------
  Jon Lewis                   |  I route
  Senior Network Engineer     |  therefore you are
  Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________


------------------------------

_______________________________________________
cisco-bba mailing list
cisco-bba at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-bba

End of cisco-bba Digest, Vol 53, Issue 2
****************************************

This email and any files transmitted with it are confidential and intended solely for the 
use of the individual or entity to whom they are addressed. Please notify the sender 
immediately by email if you have received this email by mistake and delete this email 
from your system. Please note that any views or opinions presented in this email are solely
 those of the author and do not necessarily represent those of the organisation. 
Finally, the recipient should check this email and any attachments for the presence of 
viruses. The organisation accepts no liability for any damage caused by any virus 
transmitted by this email. 



More information about the cisco-bba mailing list