[rbak-nsp] SE400 some subscribers with Port-Limit = unlimitted instead Port-Limit = 1

Jeff Crowe jeff at wtccommunications.ca
Wed Jan 26 10:45:20 EST 2011 

Are you returning Port-Limit = 1 from radius for dynamic IP subs as well as Static?  

Jeff 

> -----Original Message-----
> From: redback-nsp-bounces at puck.nether.net [mailto:redback-nsp-
> bounces at puck.nether.net] On Behalf Of Luís Cláudio Veiga
> Sent: Wednesday, January 26, 2011 10:40 AM
> To: redback-nsp at puck.nether.net
> Subject: [rbak-nsp] SE400 some subscribers with Port-Limit = unlimitted
> instead Port-Limit = 1
> 
> Hello everyone!
> this is my first time here and would like to post the weird problem i´m
> facing:
> My box is a Redback Networks SmartEdge SE400 running OS Version
> SEOS-6.1.1.5-Release.
> 
> this box is running BRAS function as PPPoE server. I´m using
> NavisRadius as well to authenticate my subscribers that have two
> possible profiles:
> 
> 1 - subscriber with dynamic IP address;
> 2 - subscriber with constant IP address;
> 
> You can see weird problem with port-limit as bellow just only for
> subscriber with dynamic IP address:
> 
> This subscriber is ok:
> NTL-VLI-03919 at VLI
>         Circuit   3/2 vlan-id 311 pppoe 767
>         Internal Circuit   3/2:1023:63/6/2/5782
>         Interface bound  pool1
>         Current port-limit 1                            <------- it is correct
>         context-name BASIC (applied)
>         ip pool pool1 (applied from sub_default)
>         port-limit 1 (applied from sub_default)
>         ip source-validation 1 (applied from sub_default)
>         ppp mtu 1492 (applied from sub_default)
>         dns primary 200.255.125.211 (applied from sub_default)
>         dns secondary 200.255.255.70 (applied from sub_default)
>         ip address 200.167.58.68 (applied from pool)
>         qos-policing-policy 300up (applied)
>         qos-metering-policy 1000down (applied)
>         ip access-group in prevent_trojan (applied from sub_default)
> 
> These subscriber is NOT ok:
> NTL-VLI-03279 at VLI
>         Circuit   3/2 vlan-id 311 pppoe 2653
>         Internal Circuit   3/2:1023:63/6/2/23597
>         Interface bound  pool1
>         Current port-limit unlimited           <------- it is not correct
>         context-name BASIC (applied)
>         ip pool pool1 (applied from sub_default)
>         port-limit 1 (applied from sub_default)
>         ip source-validation 1 (applied from sub_default)
>         ppp mtu 1492 (applied from sub_default)
>         dns primary 200.255.125.211 (applied from sub_default)
>         dns secondary 200.255.255.70 (applied from sub_default)
>         session-limit by agent-remote-id 1 (applied from sub_default)
>         ip address 200.167.56.186 (applied from pool)
>         qos-policing-policy 600up (applied)
>         qos-metering-policy 2000down (applied)
>         ip access-group in prevent_trojan (applied from sub_default)
> #
> NTL-VLI-03404 at VLI
>         Circuit   3/2 vlan-id 311 pppoe 1650
>         Internal Circuit   3/2:1023:63/6/2/30840
>         Interface bound  pool1
>         Current port-limit unlimited <------- it is not correct
>         context-name BASIC (applied)
>         ip pool pool1 (applied from sub_default)
>         port-limit 1 (applied from sub_default)
>         ip source-validation 1 (applied from sub_default)
>         ppp mtu 1492 (applied from sub_default)
>         dns primary 200.255.125.211 (applied from sub_default)
>         dns secondary 200.255.255.70 (applied from sub_default)
>         session-limit by agent-remote-id 1 (applied from sub_default)
>         ip address 200.167.57.50 (applied from pool)
>         qos-policing-policy 600up (applied)
>         qos-metering-policy 2000down (applied)
>         ip access-group in prevent_trojan (applied from sub_default)
> #
> 
> Now, my current config:
> 
> !
> context BASIC
> !
>  no ip domain-lookup
> !
>  interface IP_DINAMICO
>   ip address 200.166.75.233/30
> !
>  interface pool1 multibind lastresort
>   ip unnumbered IP_DINAMICO
>   ip pool 200.167.56.0/22
>   ip pool 200.179.255.0/24
>   ip pool 201.39.36.0/22
> !
>  interface static-pool-ntl multibind
>   ip address 201.65.5.1/24
> !
>  interface static-pool-ntl-1 multibind
>   ip address 189.53.166.1/24
> !
>  interface static-pool-ntl-2 multibind
>   ip address 189.52.57.1/24
> !
>  aaa authentication administrator local
>  aaa authentication subscriber global
>  aaa reauthorization bulk global
> !
>  subscriber default
>    ip address pool name pool1
>    ip access-group prevent_trojan in
>    port-limit 1
>    ip source-validation
>    ppp mtu 1492
>    dns primary 200.255.125.211
>    dns secondary 200.255.255.70
> !
>  ip route 0.0.0.0/0 context local
> !
> end
> 
> _______________________________________________
> redback-nsp mailing list
> redback-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/redback-nsp

More information about the redback-nsp mailing list