Michael. Thanks much for the start. I am going to do some further reading to see what i can come up with. I must also confirm COA support on our Juniper E320 NAS devices.
Rohan On Mon, 15 Oct 2012 13:34:38 -0400 Michael <[email protected]> wrote: > >This was the hardest thing to get working and automated for me personally. I >don't know if there is an easy way of doing it. I didn't find one. I >accomplished it with a complicated process. It could be as simple as a script >to execute "./radpwtst -s IP -code Change-Filter-Request etc....." > > >My complicated process goes something like the following, but I would suggest >making sure the above simple method works for you as I do have a couple nas's >where CoA just doesn't work with the IOS that it has. > >- a script process that injects Change-Filter-Request packets into the >radiator service, using radpwtst: > push( @change_args, ( > '-s', 'local radiator ip', > '-code', 'Change-Filter-Request', > "Timestamp=$timestamp", > "NAS-IP-Address=$nas_ip", > "NAS-Port=$nas_port", > "Acct-Session-Id=$sess_id", > "Framed-IP-Address=$ip", > "Class=$class", > "cisco-Policy-Up=$rate_up", > "cisco-Policy-Down=$rate_down" > ) > >- a Handler with custom Hook configured to read the cisco-Policy rate values >from the injected packet, and look up the proper policy command from a >radiator global variable depending on the nas-ip-address since I have multiple >nas's that require different commands. >eg. global variable: >DefineFormattedGlobalVar 1.2.3.4-RATE100M-up ip:sub-qos-policy-in=RATE100M >DefineFormattedGlobalVar 1.2.3.4-RATE100M-down ip:sub-qos-policy-out=RATE100M > >- add 2 "cisco-avpair" attributes to the packet with the up rate and down rate >commands. These are the actual commands the NAS needs to change the rate >limit. The policy must already be setup on your nas. >ie: >cisco-avpair="ip:sub-qos-policy-in=RATE100M" >cisco-avpair="ip:sub-qos-policy-out=RATE100M" > >- then a custom authby that required patching to determine what nas to forward >the packet to, since i have multiple nas's. Also another authby that logs this >request which is not required but i wanted to log it. > > >There's much more to it, but I don't want to get too deep here. it all pretty >much revolves around building the Change-Filter-Request packet with >"./radpwtst -code Change-Filter-Request" and ether send that to the nas, or >inject it into radiator so you can do other things with it. > > >Michael > > >On 15/10/12 12:47 PM, [email protected] wrote: >> Hello all, >> >> I do not see any info on the captioned in the Radiator documentation. Where >> do I go to see details on implementing COA? >> >> Thanks. >> >> Rohan >> _______________________________________________ >> radiator mailing list >> [email protected] >> http://www.open.com.au/mailman/listinfo/radiator >> >> Rohan Henry Server Administrator LIME Phone (876) 936-4819 Mobile (876) 997-0729 _______________________________________________ radiator mailing list [email protected] http://www.open.com.au/mailman/listinfo/radiator
