Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
322
Views
0
Helpful
4
Replies

aaa Autherization and Bandwidth restiction

aalhousani
Level 1
Level 1

‎08-13-2006 01:24 PM - edited ‎03-03-2019 01:38 PM

Hi,

How can I configure aaa autherization in the router and restrict the bandwidth (upstream and downstream) for users based in the service type subscribtion packages. I am using RADIUS for the AAA.

regards,

Labels:
0 Helpful
4 Replies 4

spremkumar
Level 9
Level 9

‎08-14-2006 12:56 AM

Hi

I remember applying the cap/port speed for the dial up (PSTN/ISDN) users based on the user ids.

The same set in the RADIUS attributes comes in force once they get logged in and authenticated in the SP network.

regds

0 Helpful

ilya.varlashkin
Level 3
Level 3

‎08-14-2006 10:22 AM

One possible solution is to apply service-policy (using Cisco AV-Pair) and that policy has nothing more than just either policer or traffic shaping in class-default. This would work for traffic outgoing towards user. For incoming traffic you can only do policing. You need to enable PPP multilink (even if you have only one connection) in order to apply service-policy.

This is generic solution and can work in many environments. Depending on what kind of connections you're talking about and what is your degree of control over intermediate network between your access server and the customer, there might be some better alternatives (like setting PVC PCR value).

0 Helpful

aalhousani
Level 1
Level 1
In response to ilya.varlashkin

‎08-14-2006 01:10 PM

Thanks,

Did you have any doc. or url link explaining service-policy (using Cisco AV-Pair.

regarding setting PVCs, the issue is that all my WAN interfaces is POS.

0 Helpful

ilya.varlashkin
Level 3
Level 3
In response to aalhousani

‎08-14-2006 01:29 PM

You mean that each individual user is connected via individual POS interface?

I haven't tried yet to clone from Virtual-Template for users connecting via POS (that's what you'll need), but that doesn't sound good at such speeds - all the hardware switching will be effectively degraded by using those software interfaces. I'd apply 'rate-limit' directly on POS interface in such case if you don't require QoS. If you require also QoS, then apply service policy but again directly to the interface.

Here is example of simplest policy:

policy-map subscriber-10Mbps-avg

class class-default

police 10000000

Apply directly to interface as:

interface POS1/0

service-policy input subscriber-10Mbps-avg

service-policy output subscriber-10Mbps-avg

If you still decide to go radius way, then here is an example of user profile:

testuser User-Password = "blahblah"

Service-Type = Framed-User,

Framed-Protocol = PPP,

Framed-IP-Address = 192.168.128.2,

Framed-IP-Netmask = 255.255.255.252,

cisco-avpair="lcp:interface-config=ip address 192.168.128.1 255.255.255.252\nservice-policy input subscriber-10Mbps-avg\nservice-policy output subscriber-10Mbps-avg"

(Notice '\n')

You can find more information in following documents:

QoS configuration guide

http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cg/hqos_c/index.htm

QoS command reference

http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cr/hqos_r/index.htm

Hope this helps.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card