[c-nsp] Rate limiting via radius
Paul Stewart
pstewart at nexicomgroup.net
Thu May 4 11:44:59 EDT 2006
We don't have that utility on the server... Just checked.....
The entry in the users file is:
xxxxxxxx Auth-Type = System
Service-Type = Framed-User,
Framed-Compression = Van-Jacobson-TCP-IP,
Cisco-AVPair = "lcp:interface-config#1=rate-limit input 256000
7500 7500 conform-action transmit exceed-action drop",
Cisco-AVPair = "lcp:interface-config#2=rate-limit output 512000
7500 7500 conform-action transmit exceed-action drop"
Maybe it's just something missing in the above entry? ;)
On the router side I can see this:
acs1-con-mb#sh interfaces vi945 configuration
Virtual-Access945 is a PPP over Ethernet link (sub)interface
Derived configuration : 275 bytes
!
interface Virtual-Access945
ip unnumbered Loopback0
ip mroute-cache
no logging event link-status
no snmp trap link-status
peer default ip address pool default
ppp authentication pap Nexicom
ppp authorization Nexicom
ppp accounting Nexicom
no clns route-cache
End
Thanks for any suggestions you may have...
Paul
-----Original Message-----
From: Kristofer Sigurdsson [mailto:kristosig at gmail.com]
Sent: Thursday, May 04, 2006 11:39 AM
To: Paul Stewart
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] Rate limiting via radius
Could you paste the RADIUS reply (which you can get with a utility like
radtest)?
2006/5/4, Paul Stewart <pstewart at nexicomgroup.net>:
> Thanks for the reply...
>
> The Radius server is sending it to the best of our knowledge but it's
> not showing up at all on the router. Weird though, the test account
> slows down to a crawl but when I do a "show interface vi233
rate-limit"
> it doesn't show anything....
>
> I have restarted etc. and it loads the users file no problem and
> doesn't complain about any issues...
>
> Thanks,
>
> Paul
>
>
> -----Original Message-----
> From: Kristofer Sigurdsson [mailto:kristosig at gmail.com]
> Sent: Thursday, May 04, 2006 11:03 AM
> To: Paul Stewart
> Cc: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] Rate limiting via radius
>
> We're using FreeRADIUS and have no problems at all (not rate limiting,
> but using other interface commands).
>
> If you have more AV-Pair attributes, you might have to use "+=" add
> new ones.
>
> What exactly is not working? Is the RADIUS server delivering it
> correctly and the router not using it, or do you have problems getting
> the RADIUS server to deliver? Do you have a sample output from the
> RADIUS server?
>
> -Kristo
>
> 2006/5/4, Paul Stewart <pstewart at nexicomgroup.net>:
> > Thanks... We've had problems getting this to work but will continue
> > investigating..
> >
> > Does anyone have a complete sample of this in a working radius
> > config file? We're using Cistron if that matters...
> >
> > Paul Stewart
> > IP Routing/Switching
> > Nexicom Inc.
> > http://www.nexicom.net/
> >
> > -----Original Message-----
> > From: Kristofer Sigurdsson [mailto:kristosig at gmail.com]
> > Sent: Thursday, May 04, 2006 10:48 AM
> > To: Paul Stewart
> > Cc: cisco-nsp at puck.nether.net
> > Subject: Re: [c-nsp] Rate limiting via radius
> >
> > Maybe you could use RADIUS AV-pairs to put in rate limiting commands
> > on the virtual access interfaces?
> >
> > Like so:
> >
> > cisco-avpair = lcp:interface-config#1=rate-limit input [...]
> >
> > 2006/5/4, Paul Stewart <pstewart at nexicomgroup.net>:
> > > Can anyone tell me what attributes I can use to do rate-limiting
> > > on our 7206VXR that's terminating DSL users both via PPPOE and
> PPPoVPDN?
> >
> > > Our 7206VXR has a number of l2tp tunnels coming in from our telco
> > > provider and also direct OC-3 termination from our own DSLAMS.
> > >
> > > We need a way to limit on a per customer basis using Radius....
> > >
> > > Thanks in advance,
> > >
> > > Paul Stewart
> > > IP Routing/Switching
> > > Nexicom Inc.
> > > http://www.nexicom.net/
> > >
> > > _______________________________________________
> > > cisco-nsp mailing list cisco-nsp at puck.nether.net
> > > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > > archive at http://puck.nether.net/pipermail/cisco-nsp/
> > >
> >
>
More information about the cisco-nsp
mailing list