From owner-freebsd-isp  Fri Jul 16 11:28: 5 1999
Delivered-To: freebsd-isp@freebsd.org
Received: from smtp.nwlink.com (smtp.nwlink.com [209.20.130.57])
	by hub.freebsd.org (Postfix) with ESMTP id C40EE14BF9
	for <freebsd-isp@FreeBSD.ORG>; Fri, 16 Jul 1999 11:28:03 -0700 (PDT)
	(envelope-from bryn@nwlink.com)
Received: from nwlink.com (root@arkansas.nwlink.com [209.20.130.65])
	by smtp.nwlink.com (8.9.3/8.9.3) with ESMTP id LAA07520;
	Fri, 16 Jul 1999 11:25:32 -0700 (PDT)
Message-ID: <378F791C.3132B7B4@nwlink.com>
Date: Fri, 16 Jul 1999 11:25:32 -0700
From: "Bryn Wm. Moslow" <bryn@nwlink.com>
Organization: Northwest Link Systems Group
X-Mailer: Mozilla 4.6 [en] (X11; I; Linux 2.2.10 i686)
X-Accept-Language: en
MIME-Version: 1.0
To: Ben Vaughn <bvaughn@prophetnetworks.net>
Cc: freebsd-isp@FreeBSD.ORG
Subject: Re: cistron and speed limiting?
References: <Pine.BSF.4.10.9907161247440.43026-100000@shell01.prophetnetworks.net>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Ben Vaughn wrote:
> 
>         Hello,
>         We use cistron radius as our radius type and I was wondering if
> anyone on this list has used this to successfully limit users speeds? We
> have a default entry for anyone who shows up in passwd, but since our
> access server is a digital one, a customer paying for 33.6k can use 56k or
> even isdn! We can set port-limit to 1 to remove the problem of people
> using 128k isdn, but we still cannot speed limit people. I am trying to
> make the default entry 33.6k only, while if someone is a 56k or isdn user,
> they have to have a separate entry in users to be able to use it. Have
> tried setting NAS-Port-Type but to no avail. Anybody have a clue?
> 
> Thanks,
> Ben Vaughn
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-isp" in the body of the message

I successfully use Port-Type with Livingston RADIUS 2.0 to at least keep
analog accounts from using ISDN, "NAS-Port-Type = Async" in my DEFAULT.
Your hardware may not accept the Port-Type response item. Check your
hardware manual against your RADIUS dictionary. I'm using
Livingston/Lucent Portmasters and 3Com/USR Total Control Chassis.

I don't see how you would do this without sending commands directly to
the modem the user is connecting to as the physical connection is
negotiated and made before authentication via RADIUS takes place. It
might be possible, hardware allowing, with a log-watching script or some
hacking of the RADIUS code itself which could get you more trouble than
it's worth if you have lots of short connections or allow Multi-PPP.
Sadly, I can think of many more reasons to not do it than do it that
way.

-- 

    /\        /\            /| Bryn Wm. Moslow         
   /  \      /  \          / | Manager of Systems Operations
  /    \    /    \        /  | Northwest Link
 /      \  /      \  /\  /   | (425) 451-1151 -or- (800) 390-1270 
/        \/        \/  \/    |_______ http://www.nwlink.com


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message