JunosE 11.2.x Broadband Access Configuration Guide
Limiting Active Subscribers
aaa subscriber limit per-port
aaa subscriber limit per-vr
Notifying RADIUS of AAA Failure
aaa accounting acct-stop on-aaa-failure
86
Example 2—Sets the session timeout to 3600 seconds.
host1(config)#aaa timeout session 3600
Use the no version to restore the idle or session timeout to its default value, 0 seconds,
and to disable ingress-only traffic monitoring for the idle timeout if it is configured.
See aaa timeout
You can limit the number of active subscribers on a port or virtual router.
Use to limit the number of active subscribers permitted on a port.
Example
host1(config)#aaa subscriber limit per-port 2/0 20
Use the no version to return to the default value, 0 (zero).
See aaa subscriber limit per-port
Use to limit the number of active subscribers permitted on a virtual router.
Because profiles are applied to subscribers after the PPP authentication phase,
subscribers that have their VR context specified by profiles are not denied access.
Instead, when IP notifies AAA of the subscribers VR context, AAA checks limits. If the
subscriber exceeds the VR limit, AAA revokes the subscriber's access and logs out the
subscriber.
Example
host1:vr17(config)#aaa subscriber limit per-vr 20
Use the no version to return to the default value, 0 (zero).
See aaa subscriber limit per-vr
If a user passes RADIUS authentication, but fails AAA authentication, the RADIUS server
may still allocate an address for the user from its internal address pool. To indicate to
the RADIUS server to free the address, you can set up the router to send an Acct-Stop
message if a user fails AAA.
Use to cause the router to send an Acct-Stop message if a user fails AAA, but RADIUS
grants access.
Example
Copyright © 2010, Juniper Networks, Inc.