Re: (ASCEND) Restricting/allowing access to IP addresesses for each user

[basher@alpha.ces.cwru.edu (Tim Basher)]

> I'm setting up a system which uses an Ascend Max unit to control logins.
> What I would like to do is set it up so that I can specify which users have
> access to which resources, eg. user John will have access to the Internet
> but not access to our Game server, while Mark will be able to access the 
> game server but not the Internet, and Jane will have access to both.

In this case you will need to install packet filters for each connection 
which you wish to restrict.  

> I have heard about Ascend's access control software - Does it allow you
> to specify allowed/denied IP addresses like this for each user profile
> you create?

You can use any RADIUS server which supports the Ascend "abinary" data type
to download a set of packet filters for each user.  Ascend Access Control
is supposed to support the abinary "Ascend-Data-Filter" RADIUS attribute, as
does the free Ascend RADIUS.  There are others, both commercial and free
that you might also want to investigate.

Recent releases of TAOS (6.1 and later) include support for standard RADIUS
attribute "Filter-ID" which allows you to select a packet filter for use on
a connection that was already configured on the MAX.

For more information on the Ascend-Data-Filter and Filter-ID attributes,
check the MAX documention set or TAOS release notes.

++ Ascend Users Mailing List ++
To unsubscribe:	send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd:	<http://www.nealis.net/ascend/faq>

---

Follow-Ups:

• (ASCEND) Rebooting 6.1.7 always kills Livingston Radius
• From: tim patterson <ttt@harborside.com>

---

• Prev by Date: Re: (ASCEND) Fw: 766815 Radius log trash in 6.1.7
• Next by Date: Re: (ASCEND) Lucent -=-> Ascend --> ? (fwd)
• Prev by thread: (ASCEND) Restricting/allowing access to IP addresesses for each user
• Next by thread: (ASCEND) Rebooting 6.1.7 always kills Livingston Radius
• Index(es):
  • Main
  • Thread