[cisco-nas] SNMP - cpmActiveUser
Yannis Xydas
yxydas at teiath.gr
Thu May 6 01:09:58 EDT 2004
Dear Gerald,
I have resolved the same problem with SNMP & FreeRadius (customized by
us) using Virtual template (for ISDN users) on a 5400 (running 12.2 (15)
T5). You can debug the connection (debug aaa neg etc.) with
and without Virtual template and check what it is exhanged between the
NAS and your radius server.
Regards
Yannis Xydas
Network Operation Center
TEI of Athens
Gerald Krause wrote:
> Hello,
>
> I have a problem using this OID:
>
> - OID: .1.3.6.1.4.1.9.10.19.1.3.1.1.3
> - Name: cpmActiveUser
> - Description: List of users currently connected and authenticated
>
> What I wanna do:
> To deny multiple logins, when an AUTHreq arrives the RADIUS server, he
> snmpwalk's the NAS with the OID to get a list of already logged in
> users and compare the username from the AUTHreq against the usernames
> from this list. If he found the username from the AUTHreq already in
> the list of connected users he will send an NACK - otherwise an ACK.
>
> This RADIUS/SNMP procedure works fine with our virtual dial platform
> (72xx L2TP NAS/LNS) but not for the real ISDN dial users terminating
> on the AS5300. The AS5300 SNMP user list contain always the username
> from the AUTHreq so all login attempts where NACKed.
> Maybe this behavior is understandable because during the RADIUS
> authentication the user occupied already a BRI channel even if he will
> NACKed later...
>
> ... is there a way to get a list of only "authenticated+authorized"
> users?
>
>
> Thx for some hints
> --
> Gerald
>
> _______________________________________________
> cisco-nas mailing list
> cisco-nas at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nas
>
>
More information about the cisco-nas
mailing list