Javier, Chris is correct, and to go a step further I don't think that what you are trying to do will work as described. Since your users are on PCs, I assume you are wanting browser access, and maybe e-mail client (or server) access.
The telnet sessions you are authenticating are probably for managing the router - not passing traffic through. For what you are trying to do (control user access to the 'net) the best solution is probably a proxy server, especially if yor are running an NT/2000 domain. You *might* be able to do it with your PIX and radius, but I really don't know. I am about 99% sure that you are NOT going to do it with the 7200. The 7200 is a router, not an access server, and not a proxy or firewall device. You might also be able to accomplish it with some IP addressing tricks. Set the PIX up to only NAT a certain address range. Then put the machines (as opposed to users) in that range that get access, and put the others outside that range. Obviously there is no authentication here, so I don't know if that really meets your needs. Tim -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Chris Parker Sent: Wednesday, September 18, 2002 1:04 PM To: [EMAIL PROTECTED] Subject: Re: internet authentication At 11:48 AM 9/18/2002 -0600, Javier Santos wrote: >I know that application isn't a typical radius application. > >I have router IOS 7200 Software (UBR7200, Version 12.2(7a) who is RADIUS >client. > >I have 2 lANs one conected to ISP and another to Internet users. > >I need to permit Internet access to some users, but not all. > >the user enviroment is basically Windows PCs. > >Is possible to do this with RADIUS? Sure, RADIUS can do this. RADIUS can authenticate nearly anything. Whether you can get the Router to authenticate to a RADIUS server is an entirely different question for an entirely different list. What you are asking for is not a function of RADIUS, but a function of your Router. The first place to start asking would be your Router vendor and on mailing lists for users of your Router vendor's hardware. Not trying to be difficult, but your question is not going to be answered here as it simply cannot be! -Chris -- \\\|||/// \ StarNet Inc. \ Chris Parker \ ~ ~ / \ WX *is* Wireless! \ Director, Engineering | @ @ | \ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\------------------------------------------------------ \ Wholesale Internet Services - http://www.megapop.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
