[rbak-nsp] How to allow only one session for every subscriber?
Eugene Prokopiev
enp at itx.ru
Tue Jul 2 05:33:05 EDT 2013
2013/7/2 Peter W <lists at pw.de>:
> Hello Eugene,
>
> Am 02.07.2013 09:31, schrieb Eugene Prokopiev:
>> Is it possible to allow only one session for every subscriber? Now I
>> have many connection attempts with one valid pppoe login/password. I
>> need to connect only first attempt and drop other attempts.
>
> if all subscriber configured on smart-edge, you can try port-limit in
> subscriber-section (saw in configuration, but never tested):
>
>> [local]bras1(config)#context local
>> [local]bras1(config-ctx)#subscriber name the-name-of-subscriber
>> [local]bras1(config-sub)#port-limit ?
>> 1..255 Max number of sessions user may establish
This is already done:
context ngn
subscriber default
port-limit 1
But I see many authentication requests to radius server with the same
login/password.
> We used a limit based on agent-circuit-id:
>
>> [local]bras1(config)#context local
>> [local]bras1(config-ctx)#subscriber default
>> [local]bras1(config-sub)#session-limit ?
>> agent-circuit-id limit by agent-circuit-id
>> agent-remote-id limit by agent-remote-id
I have the same issue with session-limit agent-remote-id 1 and
session-limit agent-circuit-id 1
> An another approach is to solve this problem within the radius-server:
> - store all active subscriber in a (in-mem-)database based on
> radius-accounting
> - during the radius-auth-phase, lookup in the database if subscriber is
> already online
I don't like this solution because I will have problems with lost
accouting stop requests.
--
WBR,
Eugene Prokopiev
More information about the redback-nsp
mailing list