[rbak-nsp] How to allow only one session for every subscriber?

Eugene Prokopiev enp at itx.ru
Tue Jul 2 05:33:05 EDT 2013


2013/7/2 Peter W <lists at pw.de>:
> Hello Eugene,
>
> On 02.07.2013 09:31, Eugene Prokopiev wrote:
>> Is it possible to allow only one session for every subscriber? Now I
>> have many connection attempts with one valid pppoe login/password. I
>> need to connect only first attempt and drop other attempts.
>
> if all subscribers are configured on smart-edge, you can try port-limit in
> subscriber-section (saw in configuration, but never tested):
>
>> [local]bras1(config)#context local
>> [local]bras1(config-ctx)#subscriber name the-name-of-subscriber
>> [local]bras1(config-sub)#port-limit ?
>>   1..255  Max number of sessions user may establish

This is already done:

context ngn
  subscriber default
    port-limit 1

But I see many authentication requests to the RADIUS server with the same
login/password.

> We used a limit based on agent-circuit-id:
>
>> [local]bras1(config)#context local
>> [local]bras1(config-ctx)#subscriber default
>> [local]bras1(config-sub)#session-limit ?
>>   agent-circuit-id  limit by agent-circuit-id
>>   agent-remote-id   limit by agent-remote-id

I have the same issue with session-limit agent-remote-id 1 and
session-limit agent-circuit-id 1

> Another approach is to solve this problem within the radius-server:
> - store all active subscribers in an (in-mem-)database based on
> radius-accounting
> - during the radius-auth-phase, look up in the database whether the
> subscriber is already online

I don't like this solution because I will have problems with lost
accounting stop requests.

--
WBR,
Eugene Prokopiev
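
Added example (not part of the original thread, and not Redback or RADIUS-server code): a sketch of the accounting-based lookup described in the quoted reply, with an expiry so that a lost accounting Stop does not block the subscriber indefinitely. The class and function names, the 300-second interim interval and the sample events are assumptions; it relies on the BRAS sending interim accounting updates.

```python
# Added example: names, timings and events below are constructed assumptions.
INTERIM_INTERVAL = 300                     # assumed Acct-Interim-Interval (s)
STALE_AFTER = 2 * INTERIM_INTERVAL + 60    # tolerates one lost interim update


class SessionTable:
    """One live session per User-Name, maintained from RADIUS accounting."""

    def __init__(self):
        self.live = {}   # User-Name -> (Acct-Session-Id, last_seen)

    def accounting(self, status, user, session_id, now):
        """Apply an Accounting-Request with Acct-Status-Type = status."""
        if status in ("Start", "Interim-Update"):
            self.live[user] = (session_id, now)
        elif status == "Stop":
            # Only a Stop for the tracked session clears it, so a late Stop
            # from an older session cannot free a newer one.
            current = self.live.get(user)
            if current and current[0] == session_id:
                del self.live[user]

    def authorize(self, user, now):
        """Decide an Access-Request: one session per subscriber."""
        current = self.live.get(user)
        if current is None:
            return "Access-Accept"
        if now - current[1] > STALE_AFTER:
            # No Start/Interim-Update for too long: assume the Stop was lost.
            del self.live[user]
            return "Access-Accept"
        return "Access-Reject"


def demo():
    """Constructed timeline: the Stop for session s1 never arrives."""
    table, out = SessionTable(), []
    out.append(table.authorize("alice", 0))        # first login
    table.accounting("Start", "alice", "s1", 1)
    out.append(table.authorize("alice", 10))       # duplicate attempt
    table.accounting("Interim-Update", "alice", "s1", 301)
    out.append(table.authorize("alice", 400))      # still online
    out.append(table.authorize("alice", 1000))     # silent > STALE_AFTER
    return out


if __name__ == "__main__":
    print(demo())
```

This sketch does not cover the window between an Access-Accept and the matching accounting Start, during which a second request for the same login would also be accepted.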

