[RADIATOR] Bandwidth switch COA advice
Hello Friends,

I want to do a COA to switch the bandwidth profile of the users after they exceed their maximum allocated quota. Which are the attributes to be included in the COA script to achieve this (with respect to the following Accounting request capture from the NAS [cisco ISG])? Is it cisco-Policy-Up/Down or some other? What additional script lines might be required to achieve this bandwidth switch COA? Is there some configuration to be changed on the NAS end?

To make myself clear, my requirement is, for example, to switch the bandwidth of this user from 8Mbps to 1Mbps after this user exceeds the allocated quota (the quota check is to be done by comparing 2 values like this: if monthlycounter=maxquota, perform the COA bandwidth switching).

Note: [totalcounter and maxquota are column names in my odbc database named quotasubscribers].

_Hook_

    sub { \
        my $p = ${$_[0]}; \
        return unless $p->code eq 'Accounting-Request'; \
        main::log($main::LOG_DEBUG, 'Handling Accounting-Request'); \
        my $user_name = $p->get_attr('User-Name'); \
        my $sess_id = $p->get_attr('Acct-Session-Id'); \
        my $framed_ipaddress = $p->get_attr('Framed-IP-Address'); \
        my @coa_attrs = ("User-Name=$user_name", "Acct-Session-Id=$sess_id", "Framed-IP-Address=$framed_ipaddress"); \
        my @cmd_args = ('-noacct', '-noauth', '-time', '-code', 'Change-Filter-Request'); \
        push @cmd_args, ('-trace', '4', '-bind_address', '0.0.0.0', '-auth_port', '3799', '-secret', 'xxx', '-s', 'x.x.x.x'); \
        my @cmd = ('perl', 'radpwtst'); \
        main::log($main::LOG_DEBUG, "Running command: @cmd @cmd_args @coa_attrs"); \
        system(@cmd, @cmd_args, @coa_attrs); \
    }

_Accounting request sent from ISG_

    Wed Mar 27 10:19:32 2013: DEBUG: Packet dump:
    *** Received from 10.50.1.4 port 1646
    Code: Accounting-Request
    Identifier: 165
    Authentic: .255]191175+218#2371820229|214
    Attributes:
        Acct-Session-Id = 002D98E3
        cisco-Policy-Up = 8Mbps
        cisco-Policy-Down = 8Mbps
        Framed-Protocol = PPP
        Framed-IP-Address = 94.187.159.88
        User-Name = 99759991
        cisco-avpair = connect-progress=LAN Ses Up
        cisco-avpair = nas-tx-speed=10
        cisco-avpair = nas-rx-speed=10
        Acct-Session-Time = 40503
        Acct-Input-Octets = 81218503
        Acct-Output-Octets = 2504979160
        Acct-Input-Packets = 1032810
        Acct-Output-Packets = 1829162
        Acct-Authentic = RADIUS
        Acct-Status-Type = Alive
        NAS-Port-Type = Virtual
        NAS-Port = 0
        NAS-Port-Id = 0/0/0/666
        cisco-avpair = client-mac-address=7073.cbb3.66c8
        Class = 153318997599912144$2210343000 3412000346000116c1dfaedfabcffee7
        Service-Type = Framed-User
        NAS-IP-Address = 10.50.1.4
        Event-Timestamp = 1364368772
        NAS-Identifier = DC-ISG2-Flash.wimd.kw
        Acct-Delay-Time = 0

--
Requesting your kind help and advice,

Thomas Kurian
IT Security Engineer (B.Tech. -- Electrical)
Kuwaiti Canadian Consulting Group (www.kccg.com)
T: +965 22435566
F: +965 22415149
E: tho...@kccg.com

___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] Bandwidth switch COA advice
Hello Michael,

Many thanks for your email. I am just handling the radiator side of our company project. ISG (NAS) is handled by my colleague, so can you please give me the necessary steps that I should ask him to do on the NAS? Additionally, can you also please elaborate the steps or provide me with an example on what is to be done on the radiator in a sequence. I positively believe that your previous experience with this subject can certainly help me out.

Requesting your kind help and cooperation,

Thomas Kurian
IT Security Engineer (B.Tech. -- Electrical)
Kuwaiti Canadian Consulting Group (www.kccg.com)
T: +965 22435566
F: +965 22415149
E: tho...@kccg.com

On 3/27/2013 8:18 PM, Michael wrote:

> I do this, but it's done by sending the cisco-avpair attribute to the nas, with a value such as: ip:sub-qos-policy-out=RATE10M. RATE10M is a rate policy that MUST be already set up in the NAS. And of course you usually have 2 of these values, 1 being ip:sub-qos-policy-in= and the other ip:sub-qos-policy-out=, to cover both the upload and the download.
>
> On a wider view of the process I myself use, I inject the request using radpwtst into NOT the nas, but into the radiator system, which is configured to proxy the request itself to the nas, and then you have the ability to log that action. The nas needs to be set up with the POD server to accept these requests.
>
> Michael
Re: [RADIATOR] Bandwidth switch COA advice
This is not really a cut-and-paste sort of configuration. Different cisco devices can have different config. Sometimes this is all done on 1 line, but generally this is what it looks like:

    aaa server radius dynamic-author
     client 1.1.1.1
     client 1.1.1.2
     client 1.1.1.3
     client 1.1.1.4
     server-key 7 12464C5F030316
     auth-type any
    !

The clients being the ip addresses from where you need to accept connections, i.e. from radpwtst.

Also keep in mind, this enables the POD server on the nas, but it doesn't necessarily listen on the ip address that you use for radius or to connect to the device. I work on devices that have many ips and the POD service seems to only sit on some, possibly just one, of the nas's ips.
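
The CoA discussed in this thread, as an added example that is not code from the posters or from the Radiator project: it builds the radpwtst argument list with both cisco-avpair policy values, restricts the policy to names already defined on the NAS, and masks the shared secret before the command is logged (the hook above writes it to the debug log). Assumptions: the policy name RATE1M, the sample rows and addresses, the `>=` quota test, and that radpwtst sends repeated cisco-avpair arguments as separate attributes (check with -trace 4).

```python
import ipaddress
import re

# Assumed allow-list: rate policies already defined on the NAS (RATE10M is the
# name used in the thread; RATE1M is a hypothetical throttled profile).
KNOWN_POLICIES = {"RATE10M", "RATE1M"}
SAFE_VALUE = re.compile(r"[A-Za-z0-9._@-]{1,64}")
SESSION_KEYS = ("User-Name", "Acct-Session-Id", "Framed-IP-Address")

def build_coa_argv(session, policy, secret, proxy_host):
    """Return the radpwtst argv for one CoA, or raise ValueError."""
    if policy not in KNOWN_POLICIES:
        raise ValueError(f"policy {policy!r} is not defined on the NAS")
    for key in SESSION_KEYS[:2]:
        if not SAFE_VALUE.fullmatch(session[key]):
            raise ValueError(f"unexpected characters in {key}")
    ipaddress.ip_address(session["Framed-IP-Address"])  # ValueError if malformed
    attrs = [f"{k}={session[k]}" for k in SESSION_KEYS]
    attrs += [f"cisco-avpair=ip:sub-qos-policy-in={policy}",
              f"cisco-avpair=ip:sub-qos-policy-out={policy}"]
    # Flags are the ones used in the hook on this page.
    return ["perl", "radpwtst", "-noacct", "-noauth", "-time", "-code",
            "Change-Filter-Request", "-trace", "4", "-auth_port", "3799",
            "-secret", secret, "-s", proxy_host] + attrs

def redact(argv):
    """Copy of argv that is safe to log: the value after -secret is masked."""
    return ["********" if i and argv[i - 1] == "-secret" else arg
            for i, arg in enumerate(argv)]

def plan_throttle(rows, policy, secret, proxy_host):
    """rows: dicts with the session attributes plus totalcounter and maxquota."""
    return [build_coa_argv(r, policy, secret, proxy_host) for r in rows
            if r["totalcounter"] >= r["maxquota"]]  # assumption: at or over quota

# Constructed sample rows; column names follow the quotasubscribers table.
SAMPLE_ROWS = [
    {"User-Name": "user1001", "Acct-Session-Id": "0000A001",
     "Framed-IP-Address": "192.0.2.10", "totalcounter": 2586197663, "maxquota": 2147483648},
    {"User-Name": "user1002", "Acct-Session-Id": "0000A002",
     "Framed-IP-Address": "192.0.2.11", "totalcounter": 1024, "maxquota": 2147483648},
]

if __name__ == "__main__":
    # 192.0.2.1 stands for the Radiator host that proxies the request to the NAS.
    for argv in plan_throttle(SAMPLE_ROWS, "RATE1M", "xxx", "192.0.2.1"):
        print(" ".join(redact(argv)))  # run the real argv with subprocess.run(argv)
```

Passing the argument list directly to the process (no shell) keeps attribute values taken from accounting packets from being interpreted as shell syntax, as the list form of `system` does in the hook above.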