[c-nsp] Rate limiting via radius

Oliver Boehmer (oboehmer) oboehmer at cisco.com
Thu May 4 12:09:45 EDT 2006


Paul Stewart <mailto:pstewart at nexicomgroup.net> wrote on Thursday, May
04, 2006 5:57 PM:

> I ran a debug on the router for radius and I get this:
> 

> May  4 11:50:12: RADIUS:  Service-Type        [6]   6   Framed
> [2]
> May  4 11:50:12: RADIUS:  Framed-Compression  [13]  6   VJ TCP/IP
> Header Compressi[1]

I'd not enable any compression as this decreases the performance.. VJ HC
has its benefit on low-speed modem links, the benefit on high-speed BRAS
links is questionable.

> May  4 11:50:12: RADIUS:  Vendor, Cisco       [26]  107
> May  4 11:50:12: RADIUS:   Cisco AVpair       [1]   101
> "lcp:interface-config#1=rate-limit input 256000 7500 7500
> conform-action 
> transmit exceed-action drop"
> May  4 11:50:12: RADIUS:  Vendor, Cisco       [26]  108
> May  4 11:50:12: RADIUS:   Cisco AVpair       [1]   102
> "lcp:interface-config#2=rate-limit output 512000 7500 7500
> conform-action transmit exceed-action drop"
 
> 
> It looks like radius is sending the information forward....
> 
> How do I check specifically the "network authorization" is enabled?  I
> believe it is, but want to clarify it's function and command
> structure.... As I do have:
> 
> aaa authorization network Nexicom group Nexicom
> 
> In the configuration??

did you configure "ppp authorization Nexicom" on your virtual-template
interface? Otherwise, PPP will use the default network authorization
(aaa authorization network default ..), and if this is missing in the
config, it will not perform any authoriztion and ignores your AV-pairs..

	oli



More information about the cisco-nsp mailing list