[cisco-nas] multilink per-user

Tassos Chatzithomaoglou achatz at forthnet.gr
Wed Sep 29 05:31:39 EDT 2004


Hi Oliver,

Oliver Boehmer (oboehmer) wrote:

> Tassos,
> 
> 
>>I want to prevent particular users from negotiating multilink.
>>I'm already doing the latter (prevent particular users from
>>using more than one link) with the multilink max-links attribute.
> 
> 
> As the multilink negotation occurs before PPP enters the authentication
> phase, there is no way to disable this on a per-user basis. The only
> option is to use RPM (local or remote) and to define a dnis-based
> template which doesn't include multilink (I think this works, never
> tried it).
> 
> May I ask why you want to do this if you can restrict the # of bundle
> members on a per-user basis.

We want to prevent the following:

1. Access server has multilink enabled (under dialer config)
2. Client has an isdn-64 account but has enabled multilink

When the above 2 are happening, the clients gets 1 MLP-Bundle interface (+1 Serial 
ofcourse) in the Access Server with max-links set to 1.
Since client's multilink is enabled, his ISDN TA tries to raise and the 2nd b-channel. The 
router rejects it (radius too), but he has already paid for this isdn call. Imagine the 
call cost when this is happening for some hours continuesly!

> 
> 	oli
> 
> 
>>Aaron Leonard wrote:
>>
>>
>>>Tassos,
>>>
>>>Is your goal to prevent particular users from negotiating multilink
>>>per se, or is it only to prevent particular users from using more
>>>than one link?  This latter goal can be accomplished.
>>>
>>>Regards,
>>>
>>>Aaron
>>>
>>>---
>>>
>>>
>>>
>>>>I'm trying to enable/disable "ppp multilink" per-user,
>>
>>which to be honest i don't believe
>>
>>>>it can be done since multilink gets negotiated during the first
>>>>phase of lcp (before the actual authentication, so the per-user
>>>>config is not known). 
>>>
>>>
>>>>I have tried configuring "lcp:interface-config#1=no ppp
>>
>>multilink" in the user's radius
>>
>>>>profile and "ppp multilink" under dialer, or
>>
>>"lcp:interface-config#1=ppp multilink" in the
>>
>>>>user's radius profile and "no ppp multilink" under dialer, but none
>>>>of them seem to be doing what i want, since multilink dialer config
>>>>always overrides my per-user config. 
>>>
>>>
>>>>In the first case if the customer comes with mlp enabled, he ends
>>>>up with mlp enabled. In the second case if the customer comes with
>>>>mlp enabled, he ends up with mlp disabled. 
>>>
>>>
>>>>Preauthentication should work here, but i don't have any CLID/DNIS
>>>>number available. Any other idea? Is there a way i can cause lcp
>>>>renegotiation like in l2tp termination? 
>>>
>>>
>>>
>>>>_______________________________________________
>>>>cisco-nas mailing list
>>>>cisco-nas at puck.nether.net
>>>>https://puck.nether.net/mailman/listinfo/cisco-nas
>>>
>>>
>>_______________________________________________
>>cisco-nas mailing list
>>cisco-nas at puck.nether.net
>>https://puck.nether.net/mailman/listinfo/cisco-nas
> 
> 


More information about the cisco-nas mailing list