[cisco-nas] multilink per-user

Oliver Boehmer (oboehmer) oboehmer at cisco.com
Thu Sep 30 02:36:46 EDT 2004


>> 
>>> I want to prevent particular users from negotiating multilink.
>>> I'm already doing the latter (prevent particular users from
>>> using more than one link) with the multilink max-links attribute.
>> 
>> As the multilink negotation occurs before PPP enters the
>> authentication phase, there is no way to disable this on a per-user
>> basis. The only option is to use RPM (local or remote) and to define
>> a dnis-based template which doesn't include multilink (I think this
>> works, never tried it). 
>> 
>> May I ask why you want to do this if you can restrict the # of bundle
>> members on a per-user basis.
> 
> We want to prevent the following:
> 
> 1. Access server has multilink enabled (under dialer config)
> 2. Client has an isdn-64 account but has enabled multilink
> 
> When the above 2 are happening, the clients gets 1 MLP-Bundle
> interface (+1 Serial ofcourse) in the Access Server with max-links
> set to 1. Since client's multilink is enabled, his ISDN TA tries to
> raise and the 2nd b-channel. The
> router rejects it (radius too), but he has already paid for this isdn
> call. Imagine the call cost when this is happening for some hours
> continuesly! 

I see the problem, but I there is no easy way to prevent this type of
misconfiguration. A more strategic approach would be to allocate two
different DNIS for your dial-in products (one for 64k-only and another
for MLP) and then use local RPM to assign a template which assigns the
desired options. There is no way to achieve this on a per-user basis.

	oli



More information about the cisco-nas mailing list