Login
- Table of Contents
-
- 03-Security Command Reference
- 00-Preface
- 01-ARP attack protection commands
- 02-ASPF commands
- 03-IP-MAC binding commands
- 04-Keychain commands
- 05-ND attack defense commands
- 06-Password control commands
- 07-uRPF commands
- 08-Location identification commands
- 09-Security zone commands
- 10-User identification commands
- 11-MAC learning through a Layer 3 device commands
- 12-Security policy commands
- 13-Microsegmentation commands
- 14-IP-SGT mapping commands
- 15-SMS commands
- 16-Trusted access control commands
- 17-Application account auditing commands
- 18-Terminal identification commands
- 19-IPoE commands
- 20-SSL commands
- 21-Flow manager commands
- 22-Object group commands
- 23-IP source guard commands
- 24-Server connection detection commands
- 25-Session management commands
- 26-DDoS protection commands
- 27-PKI commands
- 28-Crypto engine commands
- 29-AAA commands
- 30-Portal commands
- 31-IPsec commands
- 32-Public key management commands
- 33-Attack detection and prevention commands
- 34-Connection limit commands
- 35-SSH commands
- 36-SDP zero trust commands
- 37-APR commands
- 38-Overbilling prevention commands
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 38-Overbilling prevention commands | 51.02 KB |
Overbilling prevention commands
safebilling enable
Use safebilling enable to enable overbilling prevention.
Use undo safebilling enable to disable overbilling prevention.
Syntax
safebilling enable
undo safebilling enable
Default
Overbilling prevention is disabled.
Views
System view
Predefined user roles
network-admin
context-admin
Usage guidelines
Application scenarios
Use this feature in the following scenarios:
After user A goes offline, the session with the external server does not age out promptly. The external server continues to send traffic to user A, resulting in abnormal billing for user A.
After user A goes offline, the session with the external server does not age out promptly. When new user B comes online and gets the same address as user A, user B receives a large amount of traffic from the external server intended for user A. This causes abnormal billing for user B.
Operating mechanism
When the overbilling prevention-enabled device receives a RADIUS Accounting Stop message from an access device (RADIUS client), it generates an offline user blocking entry to delete the offline user session that does not age out in time. In this way, this feature blocks the traffic from the server to the offline user.
Restrictions and guidelines
Before you configure this feature, configure the device as the RADIUS accounting server by using the primary accounting command on the access device (RADIUS client). This configuration enables the access device to send Accounting Stop messages to the device.
Examples
# Enable overbilling prevention.
<Sysname> system-view
[Sysname] safebilling enable
Related commands
display safebilling block
primary accounting (Security Command Reference)
display safebilling block
Use display safebilling block to display offline user blocking entries.
Syntax
In standalone mode:
display safebilling block [ slot slot-number [ cpu cpu-number ] ]
In IRF mode:
display safebilling block [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
context-admin
context-operator
Parameters
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays entries on all cards. (In standalone mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays entries on all cards. (In IRF mode.)
cpu cpu-number: Specifies a CPU by its number. This option is available only if multiple CPUs are available on the specified slot.
Usage guidelines
When the firewall receives an Accounting Stop message from the specified IP, it generates an offline user blocking entry. Execute this command to view the generated offline user blocking entries.
Examples
# (In standalone mode.) Display the offline user blocking entries generated on the firewall.
<Sysname> display safebilling block
CPU 0 on slot 1:
Total block entries found: 4
Framed-IP-Address Update time TTL
100.100.100.113 2024-03-23 14:29:41 50s
100.100.100.114 2024-03-23 14:29:31 40s
100.100.100.112 2024-03-23 14:29:21 30s
100.100.100.111 2024-03-23 14:29:11 20s
# (In IRF mode.) Display the offline user blocking entries generated on the firewall.
<Sysname> display safebilling block
CPU 0 on Slot 1 in chassis 1:
Total block entries found: 4
Framed-IP-Address Update time TTL
100.100.100.113 2024-03-23 14:29:41 50s
100.100.100.114 2024-03-23 14:29:31 40s
100.100.100.112 2024-03-23 14:29:21 30s
100.100.100.111 2024-03-23 14:29:11 20s
Table 1 Command output
|
Field |
Description |
|
Total block entries found |
Total number of blocking entries. |
|
Framed-IP-Address |
IPv4 address of an offline user. |
|
Update time |
Time when the offline user blocking entry was updated. |
|
TTL |
Remaining lifetime (in seconds) of the offline user blocking entry. |
Related commands
safebilling enable