Re: (ASCEND) Restricting access to CLID

To: ascend-users@max.bungi.com
Subject: Re: (ASCEND) Restricting access to CLID
From: Tim Basher <basher@ces.cwru.edu>
Date: Mon, 8 Mar 99 17:19:31 EST
Sender: owner-ascend-users@max.bungi.com

> I'd like to restrict a PPP Radius-Dialin-Profile to a specific CLID.
> In the case a caller authenticates via PAP/CHAP but has the wrong
> CallerID the Radius should send a AuthNak or something.

It is called an Access-Reject (see RFC 2138).

> Is this included in the Ascend Radius using a Max4k as NAS?

You need to add the "Caller-Id" (aka Calling-Station-Id) as a check-item
in the RADIUS user entry.  In a Livingston RADIUS server or derivatives
(like Ascend RADIUS), the check-items must all be on the first line of
the user entry, along with the Password.  Check-items are values that
must be true for the user to be successfully authorized.

Example:

username  Password = "passwd", Caller-Id = "8005551212"
          User-Service = Framed-User,
          Framed-Protocol = PPP,
          Framed-Netmask = 255.255.255.128,
          Ascend-Assign-IP-Pool = 1

Warning: Putting it on a separate line within the user entry would make
it a reply-item.

++ Ascend Users Mailing List ++
To unsubscribe:	send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd:	<http://www.nealis.net/ascend/faq>

Prev by Date: Re: (ASCEND) CLID to Radius Accounting on Max4000
Next by Date: Re: (ASCEND) Max 4000 reboot w/ 7.0.3
Prev by thread: (ASCEND) Restricting access to CLID
Next by thread: (ASCEND) RE: Bad News
Index(es):
- Date
- Thread