-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi all,
> Port-Limit is not the solution. Neither is Simultaneous-Usage.
>
I don't quite agree with you :-)
Port-Limit is a reply-list item. If the NAS is multilink aware it
should handle it.
The issue here is what happens when either the second (well in fact
not-the-first channel) comes up or another user tries to dial up from
another box. We should permit the first case to go through (if it's a
Port-Limit=2 user) but we shouldn't the second one.
Here's an accounting trace from a Multilink user:
This is the first link going up...
Fri Aug 20 09:18:12 1999
Acct-Status-Type = Start
Acct-Session-Id = "84089cd9"
Acct-Delay-Time = 0
NAS-Port = 23
NAS-Port-Type = ISDN
User-Name = "protect-the-innocent"
Service-Type = Framed-User
Framed-Protocol = PPP
Called-Station-Id = "917089800"
Acct-Multi-Session-Id = "84089cd9"
Acct-Link-Count = "<0><0><0><1>"
Acct-Authentic = RADIUS
Framed-IP-Address = x.x.x.41
NAS-IP-Address = x.x.x.248
Timestamp = 935133492
And this is the second (note NAS-Port-Type)
Fri Aug 20 09:18:24 1999
Acct-Status-Type = Start
Acct-Session-Id = "84089cdb"
Acct-Delay-Time = 0
NAS-Port = 5001
NAS-Port-Type = Virtual
User-Name = "protect-the-innocent"
Service-Type = Framed-User
Framed-Protocol = PPP
Acct-Multi-Session-Id = "84089cd9"
Acct-Link-Count = "<0><0><0><2>"
Acct-Authentic = RADIUS
Framed-IP-Address = x.x.x.170
NAS-IP-Address = x.x.x.248
Timestamp = 935133502
Second channel going down:
Fri Aug 20 09:34:21 1999
Acct-Status-Type = Stop
Acct-Session-Id = "84089cdb"
Acct-Session-Time = 958
Acct-Delay-Time = 0
NAS-Port = 5001
NAS-Port-Type = Virtual
User-Name = "protect-the-innocent"
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-IP-Address = x.x.x.170
Acct-Input-Octets = 9758
Acct-Output-Octets = 81036
Acct-Input-Packets = 155
Acct-Output-Packets = 370
Acct-Multi-Session-Id = "84089cd9"
Acct-Link-Count = "<0><0><0><2>"
Acct-Terminate-Cause = User-Request
Acct-Authentic = RADIUS
NAS-IP-Address = x.x.x.248
Timestamp = 935134459
And here we have the first channel dying...
Fri Aug 20 09:34:21 1999
Acct-Status-Type = Stop
Acct-Session-Id = "84089cd9"
Acct-Session-Time = 970
Acct-Delay-Time = 0
NAS-Port = 23
NAS-Port-Type = ISDN
User-Name = "protect-the-innocent"
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-IP-Address = x.x.x.41
Called-Station-Id = "917089800"
Acct-Input-Octets = 10019
Acct-Output-Octets = 79367
Acct-Input-Packets = 169
Acct-Output-Packets = 385
Acct-Multi-Session-Id = "84089cd9"
Acct-Link-Count = "<0><0><0><2>"
Acct-Terminate-Cause = User-Request
Acct-Authentic = RADIUS
NAS-IP-Address = x.x.x.248
Timestamp = 935134459
We're using 5399 as NASen and, this is the funniest, we're not using
Radiator as authenticator here (just as a proxy; but it will change
soon). Anyway it's the same for the sake of the problem.
If we look at the RADIUS RFC:
5.42. Port-Limit
Description
This Attribute sets the maximum number of ports to be provided
to
the user by the NAS. This Attribute MAY be sent by the server
to
the client in an Access-Accept packet. It is intended for use
in
conjunction with Multilink PPP [7] or similar uses. It MAY
also
be sent by the NAS to the server as a hint that that many ports
are desired for use, but the server is not required to honor
the
hint.
So perhaps Acct-Multi-Session-Id and maybe Acct-Link-Count too could
provide a handle on solving the problem.
Well it was quite a long message. Sorry...
- --
Arturo Pina / [EMAIL PROTECTED]
Dpto. I+D / CTV-Jet (http://www.ctv-jet.com/)
Tfno: +34 96 5845291 / Fax: +34 96 5844896
>
> ===
> Archive at http://www.thesite.com.au/~radiator/
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.1 for non-commercial use <http://www.pgp.com>
iQA/AwUBN70ArmXwKH++xlSbEQK7OgCcCkpHKmCSZ0IJ3qlte+VVBEfUP1IAoIzU
v7R0sOYEnLMQB3NPFTmvzzy7
=R9qT
-----END PGP SIGNATURE-----
===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
