[j-nsp] JUNOSe: something like 'soft shutdown' ?

Alexandre Snarskii snar at paranoia.ru
Tue Nov 13 12:59:39 EST 2007


On Tue, Nov 13, 2007 at 10:03:16AM +0100, Olaf Baumert wrote:
> 
> To dont't let new sessions come online, you may use a domain-map with
> user override to a user which don't authorize.
> 
> like
> aaa domain-map some-domain.tld
>  override-user name foo password bar
> 
> this should'nt affect acitve sessions, but won't any new come
> active.

Interesting idea, thanks.

However, from my point of view (not tested it yet), that solution
is not acceptable in real life - instead of simple 'dropping' incoming
pppoe packets it will try to setup ppp and authenticate user - and, as
a result of username remapping, authentication will fail... 
And user received 'Authentication failed' response will call to 
support and cry.... 
Simple shutting down pppoe interface (enforcing users to reconnect
to another bras after keepalive timeout) looks better - did it today 
morning and got three calls to support from ~500 users disconnected. 

Or have I missed something ? 



More information about the juniper-nsp mailing list