<table cellspacing="0" cellpadding="0" border="0" ><tr><td valign="top" style="font: inherit;"><DIV>I am using :</DIV>
<DIV>pppoe circuit padr per-mac count 3 allow-time 120 drop-time 120<BR>pppoe circuit padi per-mac count 3 allow-time 120 drop-time 120</DIV>
<DIV> </DIV>
<DIV>Thanks<BR></DIV>
<DIV> </DIV>
<DIV><BR>--- On <B>Tue, 11/9/10, Frans Legdeur <I><frans@falco-networks.com></I></B> wrote:<BR></DIV>
<BLOCKQUOTE style="BORDER-LEFT: rgb(16,16,255) 2px solid; PADDING-LEFT: 5px; MARGIN-LEFT: 5px"><BR>From: Frans Legdeur <frans@falco-networks.com><BR>Subject: Re: [rbak-nsp] high aaad load because of automatically redial modem<BR>To: "Ahmad Rifai" <ahmad.rifai@gmail.com>, redback-nsp@puck.nether.net<BR>Date: Tuesday, November 9, 2010, 3:26 PM<BR><BR>
<DIV id=yiv267629187><FONT face="Calibri, Verdana, Helvetica, Arial"><SPAN style="FONT-SIZE: 11pt">Hi Ahmed,<BR><BR>To move subscribers to the other context might not be necessary, but it’s the easiest way:<BR>Radius would normally reply:<BR><BR>Request: John@ISP1 Password = “letmein”<BR>Reply: Service-Type = Framed-User,<BR> Framed-IP-Address = 80.85.34.55,<BR> Framed-IP-Netmask = 255.255.255.255,<BR> RB-Context-Name = “INTERNET”<BR><BR>Now, this subscriber doesn’t pay for his connection, so lets put him somewhere else:<BR><BR>Request: John@ISP1 Password = “letmein”<BR>Reply: Service-Type =
Framed-User,<BR> Framed-IP-Address = 80.85.34.55,<BR> Framed-IP-Netmask = 255.255.255.255,<BR> RB-Context-Name = “BLACKHOLE”<BR><BR>You can have the same subscriber interface at context “BLACKHOLE” as on context “INTERNET”, the difference between them is the fact that context “BLAKHOLE” is going nowhere, it holds only one interface with NO route out! (Unless if you connect a web server with catch all capabilities.) Be aware that you have to lookup the Context-Name VSA in the dictionary.redback under free-radius for the correct spelling!<BR><BR>The radius configuration is not the issue, as you could see, it only needs this RB-Context-Name to be set. <BR>here is what the radius setup “should” look like, to my
humble opinion.<BR><BR>Radius is nothing than a mediator between the requestor (ie. Redback) and the database (ie. Text file or any sql like db)<BR>So if this context name is part of the reply items, it could come from the database.<BR>If not, you could have set this by default, so you need an override meganism , that will set this when subscriber are in a need to be set apart.<BR><BR>Let me know if this is helping you, if not or not enough, provide me your free-radius configuration file so that we could dig deeper.<BR><BR><BR>Kind regards,<BR><BR><BR>Frans.<BR><BR><BR><BR>
<HR align=center SIZE=3 width="95%">
<B>From: </B>Ahmad Rifai <<A rel=nofollow>ahmad.rifai@gmail.com</A>><BR><B>Date: </B>Tue, 9 Nov 2010 16:27:43 +0700<BR><B>To: </B><<A rel=nofollow>redback-nsp@puck.nether.net</A>><BR><B>Subject: </B>Re: [rbak-nsp] redback-nsp Digest, Vol 35, Issue 3<BR><BR>Hi Frans, do you have specific configuration in the radius that force the subscriber to specific context that has no route to anywhere, my company use free radius, i really apreciate ur help, thx before<BR><BR>@Navin : thx pal, what number r u use to do this throttling, since i dont know what the effect if the number is to high or too low, for now i have about 32K subscriber in my radius, and the auth part is about 400 more or less<BR><BR>here's the capture<BR><BR>[local]BRAS-D3-BDG#sho subs sum<BR>--------------------------------------------------------------------------------<BR>Total=29679<BR><BR>Type Authenticating
Active Disconnecting<BR>PPP 0 0 0<BR>PPPoE 369 32447 44<BR>DOT1Q 0 0 0<BR>CLIPs 0 0 0<BR>ATM-B1483
0 0 0<BR>ATM-R1483 0 0 0<BR>Mobile-IP 0 0 0<BR><BR>On Tue, Nov 9, 2010 at 12:00 AM, <<A rel=nofollow>redback-nsp-request@puck.nether.net</A>> wrote:<BR></SPAN></FONT>
<BLOCKQUOTE><FONT face="Calibri, Verdana, Helvetica, Arial"><SPAN style="FONT-SIZE: 11pt">Send redback-nsp mailing list submissions to<BR> <A rel=nofollow>redback-nsp@puck.nether.net</A><BR><BR>To subscribe or unsubscribe via the World Wide Web, visit<BR> <A href="https://puck.nether.net/mailman/listinfo/redback-nsp" rel=nofollow target=_blank>https://puck.nether.net/mailman/listinfo/redback-nsp</A><BR>or, via email, send a message with subject or body 'help' to<BR> <A rel=nofollow>redback-nsp-request@puck.nether.net</A><BR><BR>You can reach the person managing the list at<BR> <A rel=nofollow>redback-nsp-owner@puck.nether.net</A><BR><BR>When replying, please edit your Subject line so it is more specific<BR>than "Re: Contents of redback-nsp digest..."<BR><BR><BR>Today's Topics:<BR><BR> 1. high aaad load because of
automatically redial modem (Ahmad Rifai)<BR> 2. Re: high aaad load because of automatically redial modem<BR> (Frans Legdeur)<BR> 3. Re: high aaad load because of automatically redial modem<BR> (Navin Nepali)<BR><BR><BR>----------------------------------------------------------------------<BR><BR>Message: 1<BR>Date: Mon, 8 Nov 2010 13:02:22 +0700<BR>From: Ahmad Rifai <<A rel=nofollow>ahmad.rifai@gmail.com</A>><BR>To: <A rel=nofollow>redback-nsp@puck.nether.net</A><BR>Subject: [rbak-nsp] high aaad load because of automatically redial<BR> modem<BR>Message-ID:<BR> <<A rel=nofollow>AANLkTimOxMyJM_vXq3GVjWYF+zUOxJ2SYXmARCExg+HM@mail.gmail.com</A> <<A href="http://us.mc1127.mail.yahoo.com/mc/compose?to=AANLkTimOxMyJM_vXq3GVjWYF%2BzUOxJ2SYXmARCExg%2BHM@mail.gmail.com" rel=nofollow target=_blank
ymailto="mailto:AANLkTimOxMyJM_vXq3GVjWYF%2BzUOxJ2SYXmARCExg%2BHM@mail.gmail.com">mailto:AANLkTimOxMyJM_vXq3GVjWYF%2BzUOxJ2SYXmARCExg%2BHM@mail.gmail.com</A>> ><BR>Content-Type: text/plain; charset="iso-8859-1"<BR><BR>hi guys, i have issue about redback se-800,<BR>when each first date of the month we have enourmous fail authentication<BR>issue and its because we have blocked bad debt customer (the customer didn't<BR>pay for their last month usage so we blocked them with a flag in radius),<BR>but since the customer using pppoe connection and their modem is<BR>automatically redial, they keep authenticating and bras keep rejecting. This<BR>situation make the bras aaad process so high (about 60%) and sometimes make<BR>it halt and collapsed the bras so it cant process anymore request and<BR>trafic. do you have the solution about this problem ?<BR>-------------- next part --------------<BR>An HTML attachment was scrubbed...<BR>URL: <<A
href="https://puck.nether.net/pipermail/redback-nsp/attachments/20101108/80daf663/attachment-0001.html" rel=nofollow target=_blank>https://puck.nether.net/pipermail/redback-nsp/attachments/20101108/80daf663/attachment-0001.html</A>><BR><BR>------------------------------<BR><BR>Message: 2<BR>Date: Mon, 08 Nov 2010 08:29:56 +0100<BR>From: Frans Legdeur <<A rel=nofollow>frans@falco-networks.com</A>><BR>To: Ahmad Rifai <<A rel=nofollow>ahmad.rifai@gmail.com</A>>, <<A rel=nofollow>redback-nsp@puck.nether.net</A>><BR>Subject: Re: [rbak-nsp] high aaad load because of automatically redial<BR> modem<BR>Message-ID: <<A rel=nofollow>C8FD6585.39573%frans@falco-networks.com</A> <<A href="http://us.mc1127.mail.yahoo.com/mc/compose?to=C8FD6585.39573%25frans@falco-networks.com" rel=nofollow target=_blank
ymailto="mailto:C8FD6585.39573%25frans@falco-networks.com">mailto:C8FD6585.39573%25frans@falco-networks.com</A>> ><BR>Content-Type: text/plain; charset="iso-8859-1"<BR><BR>Hi Ahmed,<BR><BR>Why don?t you create a new context for these subscribers that has no route<BR>out to anywhere.<BR>With radius you guide that ?non-paying? customer towards this context and<BR>provide him any IP address from the pool.<BR>He?s stuck there, if you like you can add a redirct for HTTP towards a<BR>server which displays the message that he should pay for his use.<BR><BR>Kind regards,<BR><BR><BR>Frans.<BR><BR><BR><BR>From: Ahmad Rifai <<A rel=nofollow>ahmad.rifai@gmail.com</A>><BR>Date: Mon, 8 Nov 2010 13:02:22 +0700<BR>To: <<A rel=nofollow>redback-nsp@puck.nether.net</A>><BR>Subject: [rbak-nsp] high aaad load because of automatically redial modem<BR><BR>hi guys, i have issue about redback se-800,?<BR>when each first date of the month we have enourmous fail
authentication<BR>issue and its because we have blocked bad debt customer (the customer didn't<BR>pay for their last month usage so we blocked them with a flag in radius),<BR>but since the customer using pppoe connection and their modem is<BR>automatically redial, they keep authenticating and bras keep rejecting. This<BR>situation make the bras aaad process so high (about 60%) and sometimes make<BR>it halt and collapsed the bras so it cant process anymore request and<BR>trafic. do you have the solution about this problem ?<BR><BR><BR>_______________________________________________<BR>redback-nsp mailing list<BR><A rel=nofollow>redback-nsp@puck.nether.net</A><BR><A href="https://puck.nether.net/mailman/listinfo/redback-nsp" rel=nofollow target=_blank>https://puck.nether.net/mailman/listinfo/redback-nsp</A><BR><BR>-------------- next part --------------<BR>An HTML attachment was scrubbed...<BR>URL: <<A
href="https://puck.nether.net/pipermail/redback-nsp/attachments/20101108/144f2226/attachment-0001.html" rel=nofollow target=_blank>https://puck.nether.net/pipermail/redback-nsp/attachments/20101108/144f2226/attachment-0001.html</A>><BR><BR>------------------------------<BR><BR>Message: 3<BR>Date: Mon, 8 Nov 2010 04:33:04 -0800 (PST)<BR>From: Navin Nepali <<A rel=nofollow>navin_n@yahoo.com</A>><BR>To: Ahmad Rifai <<A rel=nofollow>ahmad.rifai@gmail.com</A>>, <A rel=nofollow>redback-nsp@puck.nether.net</A><BR>Subject: Re: [rbak-nsp] high aaad load because of automatically redial<BR> modem<BR>Message-ID: <<A rel=nofollow>388488.80332.qm@web112711.mail.gq1.yahoo.com</A>><BR>Content-Type: text/plain; charset="utf-8"<BR><BR>I had same issue.?My Se800 CPU was always 99%.?I had done PADI/PADR throttling since then my cpu dropped to 70%.<BR>?<BR>you can use this command to do throttling:<BR>?<BR><BR>pppoe
circuit padi/padr per-mac count padi-num allow-time allow-interval drop-time drop-interval<BR>?<BR>Thanks<BR>--- On Mon, 11/8/10, Frans Legdeur <<A rel=nofollow>frans@falco-networks.com</A>> wrote:<BR><BR><BR>From: Frans Legdeur <<A rel=nofollow>frans@falco-networks.com</A>><BR>Subject: Re: [rbak-nsp] high aaad load because of automatically redial modem<BR>To: "Ahmad Rifai" <<A rel=nofollow>ahmad.rifai@gmail.com</A>>, <A rel=nofollow>redback-nsp@puck.nether.net</A><BR>Date: Monday, November 8, 2010, 12:59 PM<BR><BR><BR>Hi Ahmed,<BR><BR>Why don?t you create a new context for these subscribers that has no route out to anywhere.<BR>With radius you guide that ?non-paying? customer towards this context and provide him any IP address from the pool.<BR>He?s stuck there, if you like you can add a redirct for HTTP towards a server which displays the message that he should pay for his use.<BR><BR>Kind
regards,<BR><BR><BR>Frans.<BR><BR><BR><BR><BR>From: Ahmad Rifai <<A rel=nofollow>ahmad.rifai@gmail.com</A>><BR>Date: Mon, 8 Nov 2010 13:02:22 +0700<BR>To: <<A rel=nofollow>redback-nsp@puck.nether.net</A>><BR>Subject: [rbak-nsp] high aaad load because of automatically redial modem<BR><BR>hi guys, i have issue about redback se-800,?<BR>when each first date of the month we have enourmous fail authentication issue and its because we have blocked bad debt customer (the customer didn't pay for their last month usage so we blocked them with a flag in radius), but since the customer using pppoe connection and their modem is automatically redial, they keep authenticating and bras keep rejecting. This situation make the bras aaad process so high (about 60%) and sometimes make it halt and collapsed the bras so it cant process anymore request and trafic. do you have the solution about this problem
?<BR><BR><BR><BR>_______________________________________________<BR>redback-nsp mailing list<BR><A rel=nofollow>redback-nsp@puck.nether.net</A><BR><A href="https://puck.nether.net/mailman/listinfo/redback-nsp" rel=nofollow target=_blank>https://puck.nether.net/mailman/listinfo/redback-nsp</A><BR><BR>-----Inline Attachment Follows-----<BR><BR><BR>_______________________________________________<BR>redback-nsp mailing list<BR><A rel=nofollow>redback-nsp@puck.nether.net</A><BR><A href="https://puck.nether.net/mailman/listinfo/redback-nsp" rel=nofollow target=_blank>https://puck.nether.net/mailman/listinfo/redback-nsp</A><BR><BR><BR><BR><BR>-------------- next part --------------<BR>An HTML attachment was scrubbed...<BR>URL: <<A href="https://puck.nether.net/pipermail/redback-nsp/attachments/20101108/efdb4cc2/attachment-0001.html" rel=nofollow
target=_blank>https://puck.nether.net/pipermail/redback-nsp/attachments/20101108/efdb4cc2/attachment-0001.html</A>><BR><BR>------------------------------<BR><BR>_______________________________________________<BR>redback-nsp mailing list<BR><A rel=nofollow>redback-nsp@puck.nether.net</A><BR><A href="https://puck.nether.net/mailman/listinfo/redback-nsp" rel=nofollow target=_blank>https://puck.nether.net/mailman/listinfo/redback-nsp</A><BR><BR><BR>End of redback-nsp Digest, Vol 35, Issue 3<BR>******************************************<BR></SPAN></FONT></BLOCKQUOTE><FONT face="Calibri, Verdana, Helvetica, Arial"><SPAN style="FONT-SIZE: 11pt"><BR><BR>
<HR align=center SIZE=3 width="95%">
</SPAN></FONT><FONT face="Monaco, Courier New"><SPAN style="FONT-SIZE: 12pt">_______________________________________________<BR>redback-nsp mailing list<BR><A rel=nofollow>redback-nsp@puck.nether.net</A><BR><A href="https://puck.nether.net/mailman/listinfo/redback-nsp" rel=nofollow target=_blank>https://puck.nether.net/mailman/listinfo/redback-nsp</A><BR></SPAN></FONT></DIV><BR>-----Inline Attachment Follows-----<BR><BR>
<DIV class=plainMail>_______________________________________________<BR>redback-nsp mailing list<BR><A href="http://us.mc1127.mail.yahoo.com/mc/compose?to=redback-nsp@puck.nether.net" ymailto="mailto:redback-nsp@puck.nether.net">redback-nsp@puck.nether.net</A><BR><A href="https://puck.nether.net/mailman/listinfo/redback-nsp" target=_blank>https://puck.nether.net/mailman/listinfo/redback-nsp</A><BR></DIV></BLOCKQUOTE></td></tr></table><br>