What we do is lock the customer's account via their radius profile
(don't ask me how we do this because it's done by our development team).
I think we use radiator with a oracle/SQL backend. We then get a ticket
from Finance to boot the user off, and as described by the previous
posts, we just log onto the appropriate LNS and clear the user's
respective virtual interface.
When the user tries to re-login and authenticate, radius picks up the
fact that their account is locked and tunnels them to our lns-ssg router
where they get assigned a private 172.16.x.x address and can only browse
to our online portal that advises them to pay their account :)
Here's some ssg stuff:
http://www.cisco.com/en/US/tech/tk888/tk890/tsd_technology_support_proto col_home.html
--
Regards,
Andy
-----Original Message-----
From: cisco-bba-bounces@puck.nether.net
[mailto:cisco-bba-bounces@puck.nether.net] On Behalf Of
cisco-bba-request@puck.nether.net
Sent: Thursday, 29 November 2007 4:00 AM
To: cisco-bba@puck.nether.net
Subject: cisco-bba Digest, Vol 53, Issue 2
Send cisco-bba mailing list submissions to
cisco-bba@puck.nether.net
To subscribe or unsubscribe via the World Wide Web, visit
https://puck.nether.net/mailman/listinfo/cisco-bba or, via email, send a message with subject or body 'help' to
cisco-bba-request@puck.nether.net
You can reach the person managing the list at
cisco-bba-owner@puck.nether.net
When replying, please edit your Subject line so it is more specific than
"Re: Contents of cisco-bba digest..."
Today's Topics:
1. Disconnecting users (Dermot Williams)
2. Re: Disconnecting users (Tom Storey)
3. Re: Disconnecting users (Jon Lewis)
----------------------------------------------------------------------
Message: 1
Date: Wed, 28 Nov 2007 12:09:04 -0000
From: "Dermot Williams" <dermot.williams@irishbroadband.ie>
Subject: [cisco-bba] Disconnecting users
To: <cisco-bba@puck.nether.net>
Message-ID:
<F8F202557BB3B84C9E8CDDFAA1FC3DFD01BE1BA6@DUBMS01.irishbroadband.ie>
Content-Type: text/plain; charset="us-ascii"
Hi,
We need to be able to disconnect users from our LNS when they haven't
paid their bill - can anyone give me some pointers on the most effective
way to do this?
I had initially thought of just changing the users password in RADIUS
but that is only effective for suspending users who switch off their
modem or disconnect regularly - customers who leave their modems logged
in all of the time may continue to receive service for months after they
have been 'suspended'.
The only other alternative that I can think of is to use an SNMPSET
message to clear the VI that the customer is using. This would probably
require a little script-fu but it's not insurmountable but I'd love to
know if there is a more elegant way to approach this?
Dermot Williams
Senior Network Engineer
Irish Broadband Internet Services Ltd.
This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please immediately delete it and
all copies of it from your system, destroy any hard copies of it and
notify the sender. You must not, directly or indirectly, use, disclose,
distribute, print, or copy any part of this message if you are not the
intended recipient. Irish Broadband and any of its subsidiaries each
reserve the right to monitor all e-mail communications through its
networks. Any views expressed in this message are those of the
individual sender, except where the message states otherwise and the
sender is authorized to state them to be the views of any such entity.
Irish Broadband Internet Services Ltd, Registered in Ireland, Number:
357181, Registered Office: Burton Court, Burton Hall Road, Sandyford
Industrial Estate, Dublin 18
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
https://puck.nether.net/pipermail/cisco-bba/attachments/20071128/e9d123d 5/attachment-0001.html
------------------------------
Message: 2
Date: Wed, 28 Nov 2007 22:57:16 +1030 (CST)
From: "Tom Storey" <tom@snnap.net>
Subject: Re: [cisco-bba] Disconnecting users
To: "Dermot Williams" <dermot.williams@irishbroadband.ie>
Cc: cisco-bba@puck.nether.net
Message-ID: <63826.172.25.144.4.1196252836.squirrel@imap.snnap.net>
Content-Type: text/plain;charset=iso-8859-1
If you are good with scripting you can always login, perform a "show
users wide" filtering by username, then grab their interface name, and
"clear int x".
If youre not fussed on doing it by username, say for fear that you might
pick up another user (e.g. filtering on "bob@isp" could also pick up
"abob@isp"), you could always grab their IP address from your RADIUS
database, filter a "show users" by IP, grab the interface name, and
clear it.
Of course you can always include some sanity checks to ensure that you
havnt picked up the incorrect username, and/or handle multiple instances
of the same username that should be booted off.
Thats how I'd do it, personally :-)
Something like this shouldnt be too hard to write, I could probably whip
something up in a couple of minutes in Perl if that suits your
requirements.
Cheers,
Tom
> Hi,
>
>
>
> We need to be able to disconnect users from our LNS when they haven't
> paid their bill - can anyone give me some pointers on the most
> effective way to do this?
>
>
>
> I had initially thought of just changing the users password in RADIUS
> but that is only effective for suspending users who switch off their
> modem or disconnect regularly - customers who leave their modems
> logged in all of the time may continue to receive service for months
> after they have been 'suspended'.
>
>
>
> The only other alternative that I can think of is to use an SNMPSET
> message to clear the VI that the customer is using. This would
> probably require a little script-fu but it's not insurmountable but
> I'd love to know if there is a more elegant way to approach this?
>
>
>
> Dermot Williams
>
> Senior Network Engineer
>
> Irish Broadband Internet Services Ltd.
>
>
>
>
>
>
>
>
>
> This message is for the named person's use only. It may contain
> confidential, proprietary or legally privileged information. No
> confidentiality or privilege is waived or lost by any mistransmission.
> If you receive this message in error, please immediately delete it and
> all copies of it from your system, destroy any hard copies of it and
> notify the sender. You must not, directly or indirectly, use,
> disclose, distribute, print, or copy any part of this message if you
> are not the intended recipient. Irish Broadband and any of its
> subsidiaries each reserve the right to monitor all e-mail
> communications through its networks. Any views expressed in this
> message are those of the individual sender, except where the message
> states otherwise and the sender is authorized to state them to be the
views of any such entity.
>
> Irish Broadband Internet Services Ltd, Registered in Ireland, Number:
> 357181, Registered Office: Burton Court, Burton Hall Road, Sandyford
> Industrial Estate, Dublin 18
> _______________________________________________
> cisco-bba mailing list
> cisco-bba@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-bba
------------------------------
Message: 3
Date: Wed, 28 Nov 2007 07:54:49 -0500 (EST)
From: Jon Lewis <jlewis@lewis.org>
Subject: Re: [cisco-bba] Disconnecting users
To: Dermot Williams <dermot.williams@irishbroadband.ie>
Cc: cisco-bba@puck.nether.net
Message-ID: <Pine.LNX.4.61.0711280753510.3306@soloth.lewis.org>
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
On Wed, 28 Nov 2007, Dermot Williams wrote:
> We need to be able to disconnect users from our LNS when they haven't
> paid their bill - can anyone give me some pointers on the most
> effective way to do this?
Lock their passwd and search for RADIUS Packet of Disconnect (or radius
pod).
----------------------------------------------------------------------
Jon Lewis | I route
Senior Network Engineer | therefore you are
Atlantic Net |
_________
http://www.lewis.org/~jlewis/pgp for PGP public key_________
------------------------------
_______________________________________________
cisco-bba mailing list
cisco-bba@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-bba End of cisco-bba Digest, Vol 53, Issue 2
****************************************
This email and any files transmitted with it are confidential and intended solely for the
use of the individual or entity to whom they are addressed. Please notify the sender
immediately by email if you have received this email by mistake and delete this email
from your system. Please note that any views or opinions presented in this email are solely
those of the author and do not necessarily represent those of the organisation.
Finally, the recipient should check this email and any attachments for the presence of
viruses. The organisation accepts no liability for any damage caused by any virus
transmitted by this email.
_______________________________________________
cisco-bba mailing list
cisco-bba@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-bba