Клиенты PPPoE авторизуются радиусом. Периодически вижу:
sh use
Interface User Mode Idle Peer Address
Vi3 SOV4ubZa PPPoE 00:20:58 10.0.0.6
Vi4 SOV4ubZa PPPoE 00:19:49 10.0.0.7
Vi5 qMepez3F PPPoE 00:14:27 10.0.0.3 На циске есть:
aaa authentication login default group radius local
aaa authentication ppp default group radius
aaa authorization exec default local group radius if-authenticated
aaa authorization network default group radius
aaa accounting update periodic 1
aaa accounting exec default start-stop group radius
aaa accounting network default start-stop group radius
и вот это:
!
bba-group pppoe global
virtual-template 1
sessions per-mac limit 1
!
interface Virtual-Template1
mtu 1492
ip unnumbered GigabitEthernet0/0.8
ip nat inside
ip virtual-reassembly
rate-limit input 32000 6000 12000 conform-action transmit exceed-action drop
ip route-cache flow
ip policy route-map IT
peer default ip address pool ADSL
ppp authentication pap chap ms-chap ms-chap-v2 eap
В RADIUS
mysql> select * from radgroupreply where Attribute='Port-Limit';
+----+-----------+------------+----+-------+
| id | GroupName | Attribute | op | Value |
+----+-----------+------------+----+-------+
| 24 | ADSL-128 | Port-Limit | = | 1 |
| 25 | ADSL-256 | Port-Limit | = | 1 |
| 26 | ADSL_Slow | Port-Limit | = | 1 |
+----+-----------+------------+----+-------+
mysql> select * from usergroup where username='SOV4ubZa';
+----------+-----------+----------+
| UserName | GroupName | priority |
+----------+-----------+----------+
| SOV4ubZa | ADSL-128 | 1 |
+----------+-----------+----------+
Как запретить два соединения с одним логином?