Mailing List Archive

Hi Dermot,

Have a look at http://wiki.freeradius.org/Packet_of_Disconnect

HTH,
- Gaurav
on 11/28/2007 01:09 PM Dermot Williams said the following:
> Hi,
>
>
>
> We need to be able to disconnect users from our LNS when they haven’t
> paid their bill – can anyone give me some pointers on the most effective
> way to do this?
>
>
>
> I had initially thought of just changing the users password in RADIUS
> but that is only effective for suspending users who switch off their
> modem or disconnect regularly – customers who leave their modems logged
> in all of the time may continue to receive service for months after they
> have been ‘suspended’.
>
>
>
> The only other alternative that I can think of is to use an SNMPSET
> message to clear the VI that the customer is using. This would probably
> require a little script-fu but it’s not insurmountable but I’d love to
> know if there is a more elegant way to approach this?
>
>
>
> Dermot Williams
>
> Senior Network Engineer
>
> *Irish Broadband Internet Services Ltd.***
_______________________________________________
cisco-bba mailing list
cisco-bba@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-bba

If you are good with scripting you can always login, perform a "show users
wide" filtering by username, then grab their interface name, and "clear
int x".

If youre not fussed on doing it by username, say for fear that you might
pick up another user (e.g. filtering on "bob@isp" could also pick up
"abob@isp"), you could always grab their IP address from your RADIUS
database, filter a "show users" by IP, grab the interface name, and clear
it.

Of course you can always include some sanity checks to ensure that you
havnt picked up the incorrect username, and/or handle multiple instances
of the same username that should be booted off.

Thats how I'd do it, personally :-)

Something like this shouldnt be too hard to write, I could probably whip
something up in a couple of minutes in Perl if that suits your
requirements.

Cheers,
Tom

> Hi,
>
>
>
> We need to be able to disconnect users from our LNS when they haven't
> paid their bill - can anyone give me some pointers on the most effective
> way to do this?
>
>
>
> I had initially thought of just changing the users password in RADIUS
> but that is only effective for suspending users who switch off their
> modem or disconnect regularly - customers who leave their modems logged
> in all of the time may continue to receive service for months after they
> have been 'suspended'.
>
>
>
> The only other alternative that I can think of is to use an SNMPSET
> message to clear the VI that the customer is using. This would probably
> require a little script-fu but it's not insurmountable but I'd love to
> know if there is a more elegant way to approach this?
>
>
>
> Dermot Williams
>
> Senior Network Engineer
>
> Irish Broadband Internet Services Ltd.
>
>
>
>
>
>
>
>
>
> This message is for the named person's use only. It may contain
> confidential, proprietary or legally privileged information. No
> confidentiality or privilege is waived or lost by any mistransmission. If
> you receive this message in error, please immediately delete it and all
> copies of it from your system, destroy any hard copies of it and notify
> the sender. You must not, directly or indirectly, use, disclose,
> distribute, print, or copy any part of this message if you are not the
> intended recipient. Irish Broadband and any of its subsidiaries each
> reserve the right to monitor all e-mail communications through its
> networks. Any views expressed in this message are those of the individual
> sender, except where the message states otherwise and the sender is
> authorized to state them to be the views of any such entity.
>
> Irish Broadband Internet Services Ltd, Registered in Ireland, Number:
> 357181, Registered Office: Burton Court, Burton Hall Road, Sandyford
> Industrial Estate, Dublin 18
> _______________________________________________
> cisco-bba mailing list
> cisco-bba@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-bba

_______________________________________________
cisco-bba mailing list
cisco-bba@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-bba

On Wed, 28 Nov 2007, Dermot Williams wrote:

> We need to be able to disconnect users from our LNS when they haven't
> paid their bill - can anyone give me some pointers on the most effective
> way to do this?

Lock their passwd and search for RADIUS Packet of Disconnect (or radius
pod).

----------------------------------------------------------------------
Jon Lewis | I route
Senior Network Engineer | therefore you are
Atlantic Net |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
_______________________________________________
cisco-bba mailing list
cisco-bba@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-bba

Won't the DSL modem kindly hit RADIUS 20 to 30 times per minute? We first
disable the account in RADIUS, and then suspend traffic to that port on the
DSLAM.

Frank

_____

From: cisco-bba-bounces@puck.nether.net
[mailto:cisco-bba-bounces@puck.nether.net] On Behalf Of Dermot Williams
Sent: Wednesday, November 28, 2007 6:09 AM
To: cisco-bba@puck.nether.net
Subject: [cisco-bba] Disconnecting users



Hi,



We need to be able to disconnect users from our LNS when they haven't paid
their bill - can anyone give me some pointers on the most effective way to
do this?



I had initially thought of just changing the users password in RADIUS but
that is only effective for suspending users who switch off their modem or
disconnect regularly - customers who leave their modems logged in all of the
time may continue to receive service for months after they have been
'suspended'.



The only other alternative that I can think of is to use an SNMPSET message
to clear the VI that the customer is using. This would probably require a
little script-fu but it's not insurmountable but I'd love to know if there
is a more elegant way to approach this?



Dermot Williams

Senior Network Engineer

Irish Broadband Internet Services Ltd.









This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission. If
you receive this message in error, please immediately delete it and all
copies of it from your system, destroy any hard copies of it and notify the
sender. You must not, directly or indirectly, use, disclose, distribute,
print, or copy any part of this message if you are not the intended
recipient. Irish Broadband and any of its subsidiaries each reserve the
right to monitor all e-mail communications through its networks. Any views
expressed in this message are those of the individual sender, except where
the message states otherwise and the sender is authorized to state them to
be the views of any such entity.

Irish Broadband Internet Services Ltd, Registered in Ireland, Number:
357181, Registered Office: Burton Court, Burton Hall Road, Sandyford
Industrial Estate, Dublin 18

What we do is lock the customer's account via their radius profile
(don't ask me how we do this because it's done by our development team).
I think we use radiator with a oracle/SQL backend. We then get a ticket
from Finance to boot the user off, and as described by the previous
posts, we just log onto the appropriate LNS and clear the user's
respective virtual interface.

When the user tries to re-login and authenticate, radius picks up the
fact that their account is locked and tunnels them to our lns-ssg router
where they get assigned a private 172.16.x.x address and can only browse
to our online portal that advises them to pay their account :)

Here's some ssg stuff:
http://www.cisco.com/en/US/tech/tk888/tk890/tsd_technology_support_proto
col_home.html



--

Regards,

Andy


-----Original Message-----
From: cisco-bba-bounces@puck.nether.net
[mailto:cisco-bba-bounces@puck.nether.net] On Behalf Of
cisco-bba-request@puck.nether.net
Sent: Thursday, 29 November 2007 4:00 AM
To: cisco-bba@puck.nether.net
Subject: cisco-bba Digest, Vol 53, Issue 2

Send cisco-bba mailing list submissions to
cisco-bba@puck.nether.net

To subscribe or unsubscribe via the World Wide Web, visit
https://puck.nether.net/mailman/listinfo/cisco-bba
or, via email, send a message with subject or body 'help' to
cisco-bba-request@puck.nether.net

You can reach the person managing the list at
cisco-bba-owner@puck.nether.net

When replying, please edit your Subject line so it is more specific than
"Re: Contents of cisco-bba digest..."


Today's Topics:

1. Disconnecting users (Dermot Williams)
2. Re: Disconnecting users (Tom Storey)
3. Re: Disconnecting users (Jon Lewis)


----------------------------------------------------------------------

Message: 1
Date: Wed, 28 Nov 2007 12:09:04 -0000
From: "Dermot Williams" <dermot.williams@irishbroadband.ie>
Subject: [cisco-bba] Disconnecting users
To: <cisco-bba@puck.nether.net>
Message-ID:

<F8F202557BB3B84C9E8CDDFAA1FC3DFD01BE1BA6@DUBMS01.irishbroadband.ie>
Content-Type: text/plain; charset="us-ascii"

Hi,



We need to be able to disconnect users from our LNS when they haven't
paid their bill - can anyone give me some pointers on the most effective
way to do this?



I had initially thought of just changing the users password in RADIUS
but that is only effective for suspending users who switch off their
modem or disconnect regularly - customers who leave their modems logged
in all of the time may continue to receive service for months after they
have been 'suspended'.



The only other alternative that I can think of is to use an SNMPSET
message to clear the VI that the customer is using. This would probably
require a little script-fu but it's not insurmountable but I'd love to
know if there is a more elegant way to approach this?



Dermot Williams

Senior Network Engineer

Irish Broadband Internet Services Ltd.









This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please immediately delete it and
all copies of it from your system, destroy any hard copies of it and
notify the sender. You must not, directly or indirectly, use, disclose,
distribute, print, or copy any part of this message if you are not the
intended recipient. Irish Broadband and any of its subsidiaries each
reserve the right to monitor all e-mail communications through its
networks. Any views expressed in this message are those of the
individual sender, except where the message states otherwise and the
sender is authorized to state them to be the views of any such entity.

Irish Broadband Internet Services Ltd, Registered in Ireland, Number:
357181, Registered Office: Burton Court, Burton Hall Road, Sandyford
Industrial Estate, Dublin 18
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
https://puck.nether.net/pipermail/cisco-bba/attachments/20071128/e9d123d
5/attachment-0001.html

------------------------------

Message: 2
Date: Wed, 28 Nov 2007 22:57:16 +1030 (CST)
From: "Tom Storey" <tom@snnap.net>
Subject: Re: [cisco-bba] Disconnecting users
To: "Dermot Williams" <dermot.williams@irishbroadband.ie>
Cc: cisco-bba@puck.nether.net
Message-ID: <63826.172.25.144.4.1196252836.squirrel@imap.snnap.net>
Content-Type: text/plain;charset=iso-8859-1

If you are good with scripting you can always login, perform a "show
users wide" filtering by username, then grab their interface name, and
"clear int x".

If youre not fussed on doing it by username, say for fear that you might
pick up another user (e.g. filtering on "bob@isp" could also pick up
"abob@isp"), you could always grab their IP address from your RADIUS
database, filter a "show users" by IP, grab the interface name, and
clear it.

Of course you can always include some sanity checks to ensure that you
havnt picked up the incorrect username, and/or handle multiple instances
of the same username that should be booted off.

Thats how I'd do it, personally :-)

Something like this shouldnt be too hard to write, I could probably whip
something up in a couple of minutes in Perl if that suits your
requirements.

Cheers,
Tom

> Hi,
>
>
>
> We need to be able to disconnect users from our LNS when they haven't
> paid their bill - can anyone give me some pointers on the most
> effective way to do this?
>
>
>
> I had initially thought of just changing the users password in RADIUS
> but that is only effective for suspending users who switch off their
> modem or disconnect regularly - customers who leave their modems
> logged in all of the time may continue to receive service for months
> after they have been 'suspended'.
>
>
>
> The only other alternative that I can think of is to use an SNMPSET
> message to clear the VI that the customer is using. This would
> probably require a little script-fu but it's not insurmountable but
> I'd love to know if there is a more elegant way to approach this?
>
>
>
> Dermot Williams
>
> Senior Network Engineer
>
> Irish Broadband Internet Services Ltd.
>
>
>
>
>
>
>
>
>
> This message is for the named person's use only. It may contain
> confidential, proprietary or legally privileged information. No
> confidentiality or privilege is waived or lost by any mistransmission.

> If you receive this message in error, please immediately delete it and

> all copies of it from your system, destroy any hard copies of it and
> notify the sender. You must not, directly or indirectly, use,
> disclose, distribute, print, or copy any part of this message if you
> are not the intended recipient. Irish Broadband and any of its
> subsidiaries each reserve the right to monitor all e-mail
> communications through its networks. Any views expressed in this
> message are those of the individual sender, except where the message
> states otherwise and the sender is authorized to state them to be the
views of any such entity.
>
> Irish Broadband Internet Services Ltd, Registered in Ireland, Number:
> 357181, Registered Office: Burton Court, Burton Hall Road, Sandyford
> Industrial Estate, Dublin 18
> _______________________________________________
> cisco-bba mailing list
> cisco-bba@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-bba



------------------------------

Message: 3
Date: Wed, 28 Nov 2007 07:54:49 -0500 (EST)
From: Jon Lewis <jlewis@lewis.org>
Subject: Re: [cisco-bba] Disconnecting users
To: Dermot Williams <dermot.williams@irishbroadband.ie>
Cc: cisco-bba@puck.nether.net
Message-ID: <Pine.LNX.4.61.0711280753510.3306@soloth.lewis.org>
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed

On Wed, 28 Nov 2007, Dermot Williams wrote:

> We need to be able to disconnect users from our LNS when they haven't
> paid their bill - can anyone give me some pointers on the most
> effective way to do this?

Lock their passwd and search for RADIUS Packet of Disconnect (or radius
pod).

----------------------------------------------------------------------
Jon Lewis | I route
Senior Network Engineer | therefore you are
Atlantic Net |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________


------------------------------

_______________________________________________
cisco-bba mailing list
cisco-bba@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-bba

End of cisco-bba Digest, Vol 53, Issue 2
****************************************

This email and any files transmitted with it are confidential and intended solely for the
use of the individual or entity to whom they are addressed. Please notify the sender
immediately by email if you have received this email by mistake and delete this email
from your system. Please note that any views or opinions presented in this email are solely
those of the author and do not necessarily represent those of the organisation.
Finally, the recipient should check this email and any attachments for the presence of
viruses. The organisation accepts no liability for any damage caused by any virus
transmitted by this email.

_______________________________________________
cisco-bba mailing list
cisco-bba@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-bba

Hi,

if you 'll end up using SNMP, then take a look at 'casnDisconnect'
http://tools.cisco.com/Support/SNMP/do/BrowseOID.do?local=en&translate=Translate&objectInput=1.3.6.1.4.1.9.9.150.1.1.3.1.5
To use this a 'aaa session-mib disconnect' is necessary in your router
config.

regards
Mark

Dermot Williams wrote:
>
>
> Hi,
>
>
>
> We need to be able to disconnect users from our LNS when they haven’t
> paid their bill – can anyone give me some pointers on the most effective
> way to do this?
>
>
>
> I had initially thought of just changing the users password in RADIUS
> but that is only effective for suspending users who switch off their
> modem or disconnect regularly – customers who leave their modems logged
> in all of the time may continue to receive service for months after they
> have been ‘suspended’.
>
>
>
> The only other alternative that I can think of is to use an SNMPSET
> message to clear the VI that the customer is using. This would probably
> require a little script-fu but it’s not insurmountable but I’d love to
> know if there is a more elegant way to approach this?
>
>
>
> Dermot Williams
>
> Senior Network Engineer
>
> *Irish Broadband Internet Services Ltd.** *
>
>
_______________________________________________
cisco-bba mailing list
cisco-bba@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-bba