08-13-2006 01:24 PM - edited 03-03-2019 01:38 PM
Hi,
How can I configure aaa autherization in the router and restrict the bandwidth (upstream and downstream) for users based in the service type subscribtion packages. I am using RADIUS for the AAA.
regards,
08-14-2006 12:56 AM
Hi
I remember applying the cap/port speed for the dial up (PSTN/ISDN) users based on the user ids.
The same set in the RADIUS attributes comes in force once they get logged in and authenticated in the SP network.
regds
08-14-2006 10:22 AM
One possible solution is to apply service-policy (using Cisco AV-Pair) and that policy has nothing more than just either policer or traffic shaping in class-default. This would work for traffic outgoing towards user. For incoming traffic you can only do policing. You need to enable PPP multilink (even if you have only one connection) in order to apply service-policy.
This is generic solution and can work in many environments. Depending on what kind of connections you're talking about and what is your degree of control over intermediate network between your access server and the customer, there might be some better alternatives (like setting PVC PCR value).
08-14-2006 01:10 PM
Thanks,
Did you have any doc. or url link explaining service-policy (using Cisco AV-Pair.
regarding setting PVCs, the issue is that all my WAN interfaces is POS.
08-14-2006 01:29 PM
You mean that each individual user is connected via individual POS interface?
I haven't tried yet to clone from Virtual-Template for users connecting via POS (that's what you'll need), but that doesn't sound good at such speeds - all the hardware switching will be effectively degraded by using those software interfaces. I'd apply 'rate-limit' directly on POS interface in such case if you don't require QoS. If you require also QoS, then apply service policy but again directly to the interface.
Here is example of simplest policy:
policy-map subscriber-10Mbps-avg
class class-default
police 10000000
Apply directly to interface as:
interface POS1/0
service-policy input subscriber-10Mbps-avg
service-policy output subscriber-10Mbps-avg
If you still decide to go radius way, then here is an example of user profile:
testuser User-Password = "blahblah"
Service-Type = Framed-User,
Framed-Protocol = PPP,
Framed-IP-Address = 192.168.128.2,
Framed-IP-Netmask = 255.255.255.252,
cisco-avpair="lcp:interface-config=ip address 192.168.128.1 255.255.255.252\nservice-policy input subscriber-10Mbps-avg\nservice-policy output subscriber-10Mbps-avg"
(Notice '\n')
You can find more information in following documents:
QoS configuration guide
http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cg/hqos_c/index.htm
QoS command reference
http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cr/hqos_r/index.htm
Hope this helps.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: