cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

915
Views
10
Helpful
6
Replies

Freeradius rate-limit management per user or group for Cisco router

Hi communit

The ISP company that i provide software has Cisco and Mikrotik routers.

Users can buy limitless packets with a certain upload/download rate or fair usage packets with a higher speed until their quota is over then lower speed for monthly period.

 

For AAA we use freeradius 3.x, and for Mikrotik just setting the Mikrotik-Rate-Limit as uolpadK(M)/downloadK(M) is sufficent, does Cisco has such AVPs for managing rate-limit per user or group?

 

Regards

 

 

Everyone's tags (3)
1 ACCEPTED SOLUTION

Accepted Solutions
VIP Advisor

Re: Freeradius rate-limit management per user or group for Cisco router

 

"lcp:interface-config#1=rate-limit output 128000 10000 10000 conform-action continue exceed-action drop";
There are 3 numbers, if one is for download rate and one for upload then what does the third mean?

This Committed Access Rate  1. bps  2. burst-normal  3. burst-max

 

Do we need to create different groups for defferent speeds?
Is just adding groıps with attribute Cisco-Avpair with value of above long string enough for Cisco router to get requested rate? 

 

you can create Many groups if you like to, and put the user in that group, so he get based on the policies.

 

BB
*** Rate All Helpful Responses ***

View solution in original post

6 REPLIES 6
VIP Advisor

Re: Freeradius rate-limit management per user or group for Cisco router

Depends on how you design, some of the scripts can manually can be created, as an ISP myself i did many scripts with Freeradius, its good to modify as per your requirement.

 

have you looked the below example :

 

http://lists.freeradius.org/pipermail/freeradius-users/2007-January/015493.html

BB
*** Rate All Helpful Responses ***

Re: Freeradius rate-limit management per user or group for Cisco router

Thank balaji.

Yes i have seen that example, but didnt understand the meaning of numbers in
"lcp:interface-config#1=rate-limit output 128000 10000 10000 conform-action continue exceed-action drop";
There are 3 numbers, if one is for download rate and one for upload then what does the third mean?

Do we need to create different groups for defferent speeds?
Is just adding groıps with attribute Cisco-Avpair with value of above long string enough for Cisco router to get requested rate?

If we need to add different groups for different rates then we need to change group of users when fair usega quota is over, this makes it difficult to write a fair usage policy in feeradius with unlang code becuase sql data cannot be updated by unlang. If setting rate-limit per user dynamically with Mikrotik router is possible then it should be for Cisco too.

VIP Advisor

Re: Freeradius rate-limit management per user or group for Cisco router

 

"lcp:interface-config#1=rate-limit output 128000 10000 10000 conform-action continue exceed-action drop";
There are 3 numbers, if one is for download rate and one for upload then what does the third mean?

This Committed Access Rate  1. bps  2. burst-normal  3. burst-max

 

Do we need to create different groups for defferent speeds?
Is just adding groıps with attribute Cisco-Avpair with value of above long string enough for Cisco router to get requested rate? 

 

you can create Many groups if you like to, and put the user in that group, so he get based on the policies.

 

BB
*** Rate All Helpful Responses ***

View solution in original post

Re: Freeradius rate-limit management per user or group for Cisco router


@balaji.bandi wrote:

 

"lcp:interface-config#1=rate-limit output 128000 10000 10000 conform-action continue exceed-action drop";
There are 3 numbers, if one is for download rate and one for upload then what does the third mean?

This Committed Access Rate  1. bps  2. burst-normal  3. burst-max

 

Do we need to create different groups for defferent speeds?
Is just adding groıps with attribute Cisco-Avpair with value of above long string enough for Cisco router to get requested rate? 

 

you can create Many groups if you like to, and put the user in that group, so he get based on the policies.

 


Thanks @balaji.bandi.

I think in ""lcp:interface-config#1=rate-limit output 128000 10000 10000 conform-action continue exceed-action drop";"

output  should mean download (or upload?) for the user, so we need another entry for input like:

"lcp:interface-config#1=rate-limit input 4000 2000 2000 conform-action continue exceed-action drop"; for upload rate-limit. Am i wrong? 

And I understand that i need to add a new radius group for each different rate that ISP company wants to sell. 

 

Regards. 

a.arslan

Re: Freeradius rate-limit management per user or group for Cisco router

I may not need groups,
I just need to update reply in my rate and fair usage policy script as

update reply {
        &User-Name := "%{User-Name}
        &Cisco-Avpair = 'lcp:interface-config#1=rate-limit output bps burst-normal burst-max conform-action continue exceed-action drop'
        &Cisco-Avpair += 'lcp:interface-config#2=rate-limit input bps burst-normal burst-max conform-action continue exceed-action drop'
}


I am just not sure about lcp:interface-config#1 thing, if its number should increase or be same or it dpends on the configuration of the cisco router.

Highlighted

Re: Freeradius rate-limit management per user or group for Cisco router

I may not need groups

Updating reply item in my rate and fair usage policy unlang code as:

 

 

update reply {
        &User-Name := "%{User-Name}
        &Cisco-Avpair = 'lcp:interface-config#1=rate-limit output bps burst-normal burst-max conform-action continue exceed-action drop'
        &Cisco-Avpair += 'lcp:interface-config#2=rate-limit input bps burst-normal burst-max conform-action continue exceed-action drop'
}

 

 

should do the work, just not sure about lcp:interface-config#1, ,if the number should increase or be the same for upload pair.

 

Any suggestion and corrections will be greatly appreciated.