Security

Hi All

I have a customer who wants to kick his users off the guest network when they have reached a download cap. I have applied a post auth session enforcement profile that does this fine and disconnects the user. However, this only works when they re-authenticate. So yesterday, whilst on site, I could happily download way more than the 50Mb limit we set, but if I disconnected and reconnected, I would get kicked off.

How do I make this continually monitor a session and kick them off when they hit 50Mb? I have RADIUS accounting set up properly and the data is being recorded in the Accounting page.

If I was doing this with RADIUS, then I could reauth regularly and check the bandwidth downloaded that way, without the user seeing a drop but with captive portal, this would mean they would need to re-auth through the portal every time we check the bandwidth figure.

Any ideas how to get round this?

Cheers

Are you also doing mac-caching?  Perhaps tie into that as well?  Is radius interim accounting also enabled?

I have Radius interim accounting set up. We aren't doing mac caching at the moment.

 Make sure your COA is working. You can check in the logs on the guest side and CPPM to see if is being triggered but there might be some errors.

Also make sure in your service that you have the bandwidth limit is in the enforcement.

Last time I tried this with 6.3 (didnt work very well...) I had to use a black list repository and it was based on the username (no good for anonymous service).

I'll try dig out the case nots to see if I an put togther a walk though.

I have the badnwidth policy in the enforcement porofile and CoA is working. Maybe I'm missing something but I can't see at what point and how the service would check the bandwidth used except at authentication?

you must have interm account turned on also on the NAS device. By default most vendors it is at 10 min intervals. 

Interim accounting is enabled too!