It depends on the type of NAS you are using.
On some Cisco Access Servers you can use SNMP to administratively disable the line the user is on then administratively enable the line to allow new connections on it.
Even between different classes of Cisco products, the SNMP OID codes may be different. And other vendors will likely have much different OID codes.
A snippet from Cisco's IF-MIB.my file :
----start----
ifAdminStatus OBJECT-TYPE
SYNTAX INTEGER {
up(1), -- ready to pass packets
down(2),
testing(3) -- in some test mode
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The desired state of the interface. The testing(3) state
indicates that no operational packets can be passed. When a
managed system initializes, all interfaces start with
ifAdminStatus in the down(2) state. As a result of either
explicit management action or per configuration information
retained by the managed system, ifAdminStatus is then
changed to either the up(1) or testing(3) states (or remains
in the down(2) state)."
::= { ifEntry 7 }
----end----Match the index number to the interface : ----start---- # snmpwalk -v 2c -c community server.domain.tld ifDescr IF-MIB::ifDescr.1 = STRING: Ethernet0 IF-MIB::ifDescr.2 = STRING: Serial0 IF-MIB::ifDescr.3 = STRING: Serial1 IF-MIB::ifDescr.4 = STRING: Null0 IF-MIB::ifDescr.5 = STRING: T1 0 IF-MIB::ifDescr.6 = STRING: T1 1 IF-MIB::ifDescr.7 = STRING: Serial0:0 IF-MIB::ifDescr.8 = STRING: Serial0:1 IF-MIB::ifDescr.9 = STRING: Serial0:2 ... IF-MIB::ifDescr.101 = STRING: Serial1:21 IF-MIB::ifDescr.102 = STRING: Serial1:22 IF-MIB::ifDescr.103 = STRING: Loopback0 IF-MIB::ifDescr.104 = STRING: Dialer1 IF-MIB::ifDescr.105 = STRING: Async1 IF-MIB::ifDescr.106 = STRING: Async2 ... IF-MIB::ifDescr.137 = STRING: Async33 IF-MIB::ifDescr.138 = STRING: Async34 IF-MIB::ifDescr.139 = STRING: Async35 IF-MIB::ifDescr.140 = STRING: Async36 ... IF-MIB::ifDescr.150 = STRING: Async46 IF-MIB::ifDescr.151 = STRING: Async47 IF-MIB::ifDescr.152 = STRING: Async48 IF-MIB::ifDescr.153 = STRING: Virtual-Access1 IF-MIB::ifDescr.154 = STRING: Virtual-Access2 IF-MIB::ifDescr.155 = STRING: Virtual-Access3 ----end---
For example if a user is on :
NAS-Port = 34, NAS-Port-Type = Async
The index number for the appropriate line ;
IF-MIB::ifDescr.138 = STRING: Async34
Would be :
138
Verify the port is active :
# snmpget -v 2c -c community server.domain.tld ifOperStatus.138 ifAdminStatus.138
----start----
IF-MIB::ifOperStatus.138 = INTEGER: up(1)
IF-MIB::ifAdminStatus.138 = INTEGER: up(1)
----end----
To reset the user you would use something like this :
# snmpset -v 2c -c community server.domain.tld ifAdminStatus.138 i 2 IF-MIB::ifAdminStatus.138 = INTEGER: down(2) # snmpset -v 2c -c community server.domain.tld ifAdminStatus.138 i 1 IF-MIB::ifAdminStatus.138 = INTEGER: up(1)
This works on a Cisco 5200 that I maintain, but your mileage may vary.
Nurul Faizal Bin M.Shukeri wrote:
Hi again,
How am I going to kill online users other than radkill, may be ucd-snmp. Anyone can help me..
**Nurul Faizal Bin M.Shukeri**
Pusat Komputer,
Universiti Sains Malaysia.
-- Guy Fraser
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
