[c-nsp] pppoe with 7200

Robert Blayzor rblayzor at inoc.net
Wed Mar 9 08:27:05 EST 2005


Thomas Braun wrote:
> Yes, we authenticate the users with RADIUS(Radiator).
> 
> Do you have an example configuration, maybe for an other RADIUS-Server?

My recommendation is not to play games with the RADIUS server to keep
track of your duplicate sessions, it will shoot you in the foot every
time, especially on large installations.  The RADIUS protocol isn't
always reliable enough to make sure you receive EVERY single start and
stop record.  While a few RADIUS servers (like Radiator) allow you to
double check the NAS box via SNMP to see if a user is still logged in,
it doesn't scale well and adds a lot of unnecessary processing load on a
RADIUS server.  (especially a RADIUS server like Radiator that is not
multi threaded).

That being said, you CAN limit the amount of PPPoE sessions coming from
a single MAC address or a single PVC for that matter.

ie:

vpdn-group 1
 accept-dialin
  protocol pppoe
  virtual-template 1
 pppoe limit per-mac 1
 pppoe limit per-vc 3

-- 
Robert Blayzor, BOFH
INOC, LLC
rblayzor\@(inoc.net|gmail.com)
PGP: http://www.inoc.net/~dev/
Key fingerprint = 1E02 DABE F989 BC03 3DF5  0E93 8D02 9D0B CB1A A7B0

Meets quality standards:  Compiles without errors.


More information about the cisco-nsp mailing list