Limit "Only One" Connection for PPPoE With Radius

GREG3f · November 17, 2018, 2:50pm

When using Radius to authenticate PPPoE users, is there a way to ensure that Only One session can exist? If we use secrets and select a Profile with “Only One= yes” then the router refuses the second request for a connection, however if we are using an External Radius server, the “Only One” limit is ignored and multiple sessions are possible with the same user/pass.

Looking for a solution that will either implement the same “Only One” limit (i.e. refuse all other requests if one is active) or a different approach, and kick any existing sessions with the same user name before allowing the second to be created. I suppose this could be done with scripting, but we have over 1000 PPPoEs connected and if they all get disconnected and try to reconnect at the same time it can stress the router if there is too much CPU intensive scripts to run.

The reason for this request is because we have found that we are getting multiple PPPoE requests from the same DSL modem and when the same modem has 2 connections it simply will not route properly. This would appear to be a flaw in the SmartRG Modems or something with Bell’s radius forwarding system, but we have not been able to resolve it from either of those avenues, so now we are taking a different approach.

Open to suggestions.

strods · November 17, 2018, 10:07pm

On PPPoE server settings select profile that has such feature enabled. Users authenticated by RADIUS server uses this profile in order to complete authentication process.

GREG3f · November 21, 2018, 12:10am

Should this also work with L2TP connections?

GREG3f · November 21, 2018, 1:16pm

I should mention that we are using both PPPoE (Wireless Network GAteway) and L2TP (Forwarded from Bell DSL Network) servers on 2 different routers. With the L2TP server, the Caller ID (Mac Address) is often the same depending on which LAC forwards the credentials.

Does the Only One Limit work based on User Name, Caller ID or combination of both? It would seem that it is based on Caller ID which prevents us from using Only One when the requests are coming from L2TP.

Is there a way to Limit only one occurence of a User Name regardless of the Caller ID or any other factor?

nadir1 · August 17, 2025, 8:49pm

activate the option ONE SESSION PER HOST on pppoe server configuration.