[RADIATOR] Bandwidth switch COA advice
Hello Friends,
I want to do a COA ,to switch the bandwidth profile of the users after
they exceed maximum their allocated quota. Which are the attributes to
be included in the COA script to achieve this( (with respect to the
following Accounting request capture from the NAS[cisco ISG]) , is it
cisco-Policy-Up/Down or some other?
what additional script lines might be required to achieve this bandwidth
switch COA?
Is there some configuration to be changed on the NAS end?
To make myself clear ,my requirement is for example, to switch the
bandwidth of this user from 8Mbps to 1Mbps after this user exceeds
allocated quota ( quota check is to done by comparing 2 values like
this, if monthlycounter=maxquota ,perform the COA bandwidth
switching). Note:[totalcounter and maxquota are column names in my odbc
database named quotasubscribers].
_Hook_
sub { \
my $p = ${$_[0]}; \
return unless $p-code eq 'Accounting-Request'; \
main::log($main::LOG_DEBUG, 'Handling Accounting-Request'); \
my $user_name = $p-get_attr('User-Name'); \
my $sess_id = $p-get_attr('Acct-Session-Id'); \
my $framed_ipaddress = $p-get_attr('Framed-IP-Address'); \
my @coa_attrs = (User-Name=$user_name,
Acct-Session-Id=$sess_id, Framed-IP-Address=$framed_ipaddress);\
my @cmd_args = (-noacct, -noauth, -time,-code,
Change-Filter-Request); \
push @cmd_args, (-trace, 4, -bind_address,
0.0.0.0, -auth_port, 3799, -secret, xxx, -s, x.x.x.x); \
my @cmd = (perl, radpwtst); \
main::log($main::LOG_DEBUG, Running command: @cmd @cmd_args
@coa_attrs); \
system (@cmd, @cmd_args, @coa_attrs); \
}
_Accounting request sent from ISG_
Wed Mar 27 10:19:32 2013: DEBUG: Packet dump:
*** Received from 10.50.1.4 port 1646
Code: Accounting-Request
Identifier: 165
Authentic: .255]191175+218#2371820229|214
Attributes:
Acct-Session-Id = 002D98E3
cisco-Policy-Up = 8Mbps
cisco-Policy-Down = 8Mbps
Framed-Protocol = PPP
Framed-IP-Address = 94.187.159.88
User-Name = 99759991
cisco-avpair = connect-progress=LAN Ses Up
cisco-avpair = nas-tx-speed=10
cisco-avpair = nas-rx-speed=10
Acct-Session-Time = 40503
Acct-Input-Octets = 81218503
Acct-Output-Octets = 2504979160
Acct-Input-Packets = 1032810
Acct-Output-Packets = 1829162
Acct-Authentic = RADIUS
Acct-Status-Type = Alive
NAS-Port-Type = Virtual
NAS-Port = 0
NAS-Port-Id = 0/0/0/666
cisco-avpair = client-mac-address=7073.cbb3.66c8
Class =
153318997599912144$2210343000
3412000346000116c1dfaedfabcffee7
Service-Type = Framed-User
NAS-IP-Address = 10.50.1.4
Event-Timestamp = 1364368772
NAS-Identifier = DC-ISG2-Flash.wimd.kw
Acct-Delay-Time = 0
--
Requesting your kind help and advice,
Thomas Kurian
IT Security Engineer (B.Tech. -- Electrical)
Kuwaiti Canadian Consulting Group (www.kccg.com)
T: +965 22435566
F: +965 22415149
E: tho...@kccg.com
___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] Bandwidth switch COA advice
Hello Michael,
Many thanks for your email. I am just handling the radiator side of our
company project . ISG (NAS) is handled by my colleague. so Can you
please give me the necessary steps that i should ask him to do on the NAS?
Additionally can you also please elaborate the steps or provide me with
an example on what is to done on the radiator in a sequence. I
positively believe that your previous experience with this subject
,can certainly help me out.
Requesting your kind help cooperation,
Thomas Kurian
IT Security Engineer (B.Tech. -- Electrical)
Kuwaiti Canadian Consulting Group (www.kccg.com)
T: +965 22435566
F: +965 22415149
E: tho...@kccg.com
On 3/27/2013 8:18 PM, Michael wrote:
I do this, but it's done by sending the cisco-avpair attribute to
the nas, with a value such as: ip:sub-qos-policy-out=RATE10M.
RATE10M is a rate policy that MUST be already setup in the NAS. And
of course you usually have 2 of these values. 1 being
ip:sub-qos-policy-in= and the other ip:sub-qos-policy-out= to cover
both the upload and the download.
On a wider view of the process i myself use, i inject the request
using radpwtst into NOT the nas, but into the radiator system which is
configured to proxy the request itself to the nas, and then you have
the ability to log that action. The nas needs to be setup with the
POD server to accept these requests.
Michael
On 27/03/13 05:16 AM, Thomas Kurian wrote:
Hello Friends,
I want to do a COA ,to switch the bandwidth profile of the users
after they exceed maximum their allocated quota. Which are the
attributes to be included in the COA script to achieve this( (with
respect to the following Accounting request capture from the
NAS[cisco ISG]) , is it cisco-Policy-Up/Down or some other?
what additional script lines might be required to achieve this
bandwidth switch COA?
Is there some configuration to be changed on the NAS end?
To make myself clear ,my requirement is for example, to switch the
bandwidth of this user from 8Mbps to 1Mbps after this user exceeds
allocated quota ( quota check is to done by comparing 2 values like
this, if monthlycounter=maxquota ,perform the COA bandwidth
switching). Note:[totalcounter and maxquota are column names in my
odbc database named quotasubscribers].
_Hook_
sub { \
my $p = ${$_[0]}; \
return unless $p-code eq 'Accounting-Request'; \
main::log($main::LOG_DEBUG, 'Handling Accounting-Request'); \
my $user_name = $p-get_attr('User-Name'); \
my $sess_id = $p-get_attr('Acct-Session-Id'); \
my $framed_ipaddress = $p-get_attr('Framed-IP-Address'); \
my @coa_attrs = (User-Name=$user_name,
Acct-Session-Id=$sess_id, Framed-IP-Address=$framed_ipaddress);\
my @cmd_args = (-noacct, -noauth, -time,-code,
Change-Filter-Request); \
push @cmd_args, (-trace, 4, -bind_address,
0.0.0.0, -auth_port, 3799, -secret, xxx, -s,
x.x.x.x); \
my @cmd = (perl, radpwtst); \
main::log($main::LOG_DEBUG, Running command: @cmd
@cmd_args @coa_attrs); \
system (@cmd, @cmd_args, @coa_attrs); \
}
_Accounting request sent from ISG_
Wed Mar 27 10:19:32 2013: DEBUG: Packet dump:
*** Received from 10.50.1.4 port 1646
Code: Accounting-Request
Identifier: 165
Authentic: .255]191175+218#2371820229|214
Attributes:
Acct-Session-Id = 002D98E3
cisco-Policy-Up = 8Mbps
cisco-Policy-Down = 8Mbps
Framed-Protocol = PPP
Framed-IP-Address = 94.187.159.88
User-Name = 99759991
cisco-avpair = connect-progress=LAN Ses Up
cisco-avpair = nas-tx-speed=10
cisco-avpair = nas-rx-speed=10
Acct-Session-Time = 40503
Acct-Input-Octets = 81218503
Acct-Output-Octets = 2504979160
Acct-Input-Packets = 1032810
Acct-Output-Packets = 1829162
Acct-Authentic = RADIUS
Acct-Status-Type = Alive
NAS-Port-Type = Virtual
NAS-Port = 0
NAS-Port-Id = 0/0/0/666
cisco-avpair = client-mac-address=7073.cbb3.66c8
Class =
153318997599912144$2210343000 3412000346000116c1dfaedfabcffee7
Service-Type = Framed-User
NAS-IP-Address = 10.50.1.4
Event-Timestamp = 1364368772
NAS-Identifier = DC-ISG2-Flash.wimd.kw
Acct-Delay-Time = 0
--
Requesting your kind help and advice,
Thomas Kurian
IT Security Engineer (B.Tech. -- Electrical)
Kuwaiti Canadian Consulting Group (www.kccg.com)
T: +965 22435566
F: +965 22415149
E:tho...@kccg.com
___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator
___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] Bandwidth switch COA advice
This is not really a cut-and-paste sort of configuration. different
cisco devices can have different config. Sometimes this is all done on
1 line, but generally this is what it looks like:
aaa server radius dynamic-author
client 1.1.1.1
client 1.1.1.2
client 1.1.1.3
client 1.1.1.4
server-key 7 12464C5F030316
auth-type any
!
The clients being the ip address from where you need to accept
connections ie. from radpwtst.
Also keep in mind, this enables the POD server on the nas, but it
doesn't necessarily listen on the ip address that you use for radius or
to connect to the device. I work on devices that have many ips and the
POD service seems to only sit on some, possible just one of the nas's ips.
On 27/03/13 03:13 PM, Thomas Kurian wrote:
Hello Michael,
Many thanks for your email. I am just handling the radiator side of
our company project . ISG (NAS) is handled by my colleague. so Can you
please give me the necessary steps that i should ask him to do on the NAS?
Additionally can you also please elaborate the steps or provide me
with an example on what is to done on the radiator in a sequence. I
positively believe that your previous experience with this subject
,can certainly help me out.
Requesting your kind help cooperation,
Thomas Kurian
IT Security Engineer (B.Tech. -- Electrical)
Kuwaiti Canadian Consulting Group (www.kccg.com)
T: +965 22435566
F: +965 22415149
E:tho...@kccg.com
On 3/27/2013 8:18 PM, Michael wrote:
I do this, but it's done by sending the cisco-avpair attribute to
the nas, with a value such as: ip:sub-qos-policy-out=RATE10M.
RATE10M is a rate policy that MUST be already setup in the NAS.
And of course you usually have 2 of these values. 1 being
ip:sub-qos-policy-in= and the other ip:sub-qos-policy-out= to cover
both the upload and the download.
On a wider view of the process i myself use, i inject the request
using radpwtst into NOT the nas, but into the radiator system which
is configured to proxy the request itself to the nas, and then you
have the ability to log that action. The nas needs to be setup with
the POD server to accept these requests.
Michael
On 27/03/13 05:16 AM, Thomas Kurian wrote:
Hello Friends,
I want to do a COA ,to switch the bandwidth profile of the users
after they exceed maximum their allocated quota. Which are the
attributes to be included in the COA script to achieve this( (with
respect to the following Accounting request capture from the
NAS[cisco ISG]) , is it cisco-Policy-Up/Down or some other?
what additional script lines might be required to achieve this
bandwidth switch COA?
Is there some configuration to be changed on the NAS end?
To make myself clear ,my requirement is for example, to switch the
bandwidth of this user from 8Mbps to 1Mbps after this user exceeds
allocated quota ( quota check is to done by comparing 2 values like
this, if monthlycounter=maxquota ,perform the COA bandwidth
switching). Note:[totalcounter and maxquota are column names in my
odbc database named quotasubscribers].
_Hook_
sub { \
my $p = ${$_[0]}; \
return unless $p-code eq 'Accounting-Request'; \
main::log($main::LOG_DEBUG, 'Handling Accounting-Request'); \
my $user_name = $p-get_attr('User-Name'); \
my $sess_id = $p-get_attr('Acct-Session-Id'); \
my $framed_ipaddress = $p-get_attr('Framed-IP-Address'); \
my @coa_attrs = (User-Name=$user_name,
Acct-Session-Id=$sess_id, Framed-IP-Address=$framed_ipaddress);\
my @cmd_args = (-noacct, -noauth, -time,-code,
Change-Filter-Request); \
push @cmd_args, (-trace, 4, -bind_address,
0.0.0.0, -auth_port, 3799, -secret, xxx, -s,
x.x.x.x); \
my @cmd = (perl, radpwtst); \
main::log($main::LOG_DEBUG, Running command: @cmd
@cmd_args @coa_attrs); \
system (@cmd, @cmd_args, @coa_attrs); \
}
_Accounting request sent from ISG_
Wed Mar 27 10:19:32 2013: DEBUG: Packet dump:
*** Received from 10.50.1.4 port 1646
Code: Accounting-Request
Identifier: 165
Authentic: .255]191175+218#2371820229|214
Attributes:
Acct-Session-Id = 002D98E3
cisco-Policy-Up = 8Mbps
cisco-Policy-Down = 8Mbps
Framed-Protocol = PPP
Framed-IP-Address = 94.187.159.88
User-Name = 99759991
cisco-avpair = connect-progress=LAN Ses Up
cisco-avpair = nas-tx-speed=10
cisco-avpair = nas-rx-speed=10
Acct-Session-Time = 40503
Acct-Input-Octets = 81218503
Acct-Output-Octets = 2504979160
Acct-Input-Packets = 1032810
Acct-Output-Packets = 1829162
Acct-Authentic = RADIUS
Acct-Status-Type = Alive
NAS-Port-Type = Virtual
NAS-Port = 0
NAS-Port-Id = 0/0/0/666
cisco-avpair = client-mac-address=7073.cbb3.66c8
Class =
153318997599912144$2210343000
