RE: RE: How to Restrict multiple login?
Viaks, you stated that you were going to use radius. That is where you feed a lot of user auth items, also the ones you ask for. As I stated, via radius, you can do a lot. For Cisco commands, check http://www.cisco.com/univercd/cc/td/doc/product/access/acs_serv/5300/case/qccase.htm#xtocid216396 http://www.cisco.com/warp/public/793/access_dial/Isdn_callerID.html Good luck. Martijn >From: "vikas patel" <[EMAIL PROTECTED]> >To: [EMAIL PROTECTED] >Subject: RE: How to Restrict multiple login? >Date: Fri, 23 Feb 2001 10:57:48 - > >Hi martin, >I am still confused and i dont have that caller-ID facility here coz i am >in a remote kind of place. Can u suggest me about the router commands for >my 16 async ports(in built) coz i am not using portmaster too. >May be if you can clarify the followings:- >1) how do i assign one ip per user account after dial-in? >2) as u said to diable multilink, how to do it, i dont think its from >router part? >3)and how to use the connection type async for restricting multi login? > >Thanks for your time and kind help, >waiting for your reply. >Kind regards >vikas > > >>From: "martijn michiel" <[EMAIL PROTECTED]> >>To: [EMAIL PROTECTED], [EMAIL PROTECTED] >>CC: [EMAIL PROTECTED] >>Subject: RE: How to Restrict multiple login? >>Date: Thu, 22 Feb 2001 19:18:03 - >> >>You have multiple options in radius for restricting your users. >> >>If you, in Unix, cannot prevent double --- User Authentication then >>double Line Authorization should be prevented. >> >>- one source ip per user account after dial-in >>- caller id per source phone per user (telco support) >>- disable multilink (w2k) >>- static route per user (w2k)or from cisco to radius (multi-cisco/mutliple >>telcolineno's?) >>- certificates and securID's will also close down mulit login/dialin >>actions >>- connection type isdn number, async >>A lot of these items ar supported through PPP. >> >>I saw something about usertables, did not dive into that one. No unix >>guru, sorry. >>Radius is my thing, because i'm w2k mcse (no comment please)Still a bit of >>GUI guy though. >> >>Martijn MCP 18x >> >>some links etc... >> >>Livingston >>Accounting Attributes >> For RADIUS accounting to function, a series of accounting attributes are >>defined in the dictionary file on the RADIUS server and appear in the >>start and stop accounting records. Use the following descriptions of >>common accounting attributes to help you interpret start and stop records. >>Refer to RFC 2139 for information on other accounting attributes. >>Called-Station-Id and Calling-Station-Id >> Called-Station-Id records the telephone number called by the user. >>Calling-Station-Id records the number the user is called from. This >>information is recorded when the NAS-Port-Type is ISDN, ISDN-V120, or >>ISDN-V110 where supported by the local telephone company. On the >>PortMaster 3 and the PortMaster 4, this information is available for >>asynchronous calls as well, where supported by the local telephone >>company. >> >>http://www.livingston.com/tech/docs/radius/userinfo.html#1004347 >>http://www.livingston.com/tech/docs/radius/userinfo.html#1012237 >> >>-Oorspronkelijk bericht- >>Van: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]Namens vikas >>patel >>Verzonden: donderdag 22 februari 2001 11:22 >>Aan: [EMAIL PROTECTED] >>Onderwerp: How to Restrict multiple login? >> >> >>Hi folks, >>I am working in an ISP company, got Cisco 2511 router with inbuilt >>RAS(access server), IOS ver. 11.3(9). >>I am using RADIUS from livingston ver. 2.0.1 beta 14 revision 5 for >>windows >>NT4.0 and Netcents ver. 6.0 for billing. I have contacted the netcents >>people and they says that the single/multi login facility is available >>with >>RADIUS only and not with there netcents billing s/w. And i think the >>RADIUS >>ver. that i am using is not supporting this single/multi login features. >>And >>i am going to use this RADIUS b'coz its free. >>How can i Restrict my customers for single login and multi-login into my >>cisco router. B'coz using the above radius and netcents i cannot block >>multi >>user login in my network. Can u guys suggest some solution using the above >>only s/w's. And I am creating users in netcents+radius and these users are >>not the router users. >>Is their any way thru cisco router commands to restrict my customers for
RE: How to Restrict multiple login?
You have multiple options in radius for restricting your users. If you, in Unix, cannot prevent double --- User Authentication then double Line Authorization should be prevented. - one source ip per user account after dial-in - caller id per source phone per user (telco support) - disable multilink (w2k) - static route per user (w2k)or from cisco to radius (multi-cisco/mutliple telcolineno's?) - certificates and securID's will also close down mulit login/dialin actions - connection type isdn number, async A lot of these items ar supported through PPP. I saw something about usertables, did not dive into that one. No unix guru, sorry. Radius is my thing, because i'm w2k mcse (no comment please)Still a bit of GUI guy though. Martijn MCP 18x some links etc... Livingston Accounting Attributes For RADIUS accounting to function, a series of accounting attributes are defined in the dictionary file on the RADIUS server and appear in the start and stop accounting records. Use the following descriptions of common accounting attributes to help you interpret start and stop records. Refer to RFC 2139 for information on other accounting attributes. Called-Station-Id and Calling-Station-Id Called-Station-Id records the telephone number called by the user. Calling-Station-Id records the number the user is called from. This information is recorded when the NAS-Port-Type is ISDN, ISDN-V120, or ISDN-V110 where supported by the local telephone company. On the PortMaster 3 and the PortMaster 4, this information is available for asynchronous calls as well, where supported by the local telephone company. http://www.livingston.com/tech/docs/radius/userinfo.html#1004347 http://www.livingston.com/tech/docs/radius/userinfo.html#1012237 -Oorspronkelijk bericht- Van: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]Namens vikas patel Verzonden: donderdag 22 februari 2001 11:22 Aan: [EMAIL PROTECTED] Onderwerp: How to Restrict multiple login? Hi folks, I am working in an ISP company, got Cisco 2511 router with inbuilt RAS(access server), IOS ver. 11.3(9). I am using RADIUS from livingston ver. 2.0.1 beta 14 revision 5 for windows NT4.0 and Netcents ver. 6.0 for billing. I have contacted the netcents people and they says that the single/multi login facility is available with RADIUS only and not with there netcents billing s/w. And i think the RADIUS ver. that i am using is not supporting this single/multi login features. And i am going to use this RADIUS b'coz its free. How can i Restrict my customers for single login and multi-login into my cisco router. B'coz using the above radius and netcents i cannot block multi user login in my network. Can u guys suggest some solution using the above only s/w's. And I am creating users in netcents+radius and these users are not the router users. Is their any way thru cisco router commands to restrict my customers for single login? Thanks in advance. waiting for your reply. kind regards vikas patel _ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: How to restrict multiple login?
I think you're asking if you can restrict users from establishing telnet or ssh connections to your router...? You can restrict telnet to the router with an acl applied to the vty linesfor example...permit yourself and other authorized hosts, deny everyone else. i'm not familiar enough with radius to make a stabhope this helps. Roger access-list 150 permit ip host x.x.x.x log access-list 150 permit ip host x.x.x.x log access-list 150 deny ip any any log conf t line vty 0 4 access-class 150 in -Original Message- From: vikas patel [mailto:[EMAIL PROTECTED]] Sent: Thursday, February 22, 2001 01:17 To: [EMAIL PROTECTED] Subject: How to restrict multiple login? Hi folks, I am working in an ISP company, got Cisco 2511 router with inbuilt RAS(access server), IOS ver. 11.3(9). I am using RADIUS from livingston ver. 2.0.1 beta 14 revision 5 for windows NT4.0 and Netcents ver. 6.0 for billing. I have contacted the netcents people and they says that the single/multi login facility is available with RADIUS only and not with there netcents billing s/w. And i think the RADIUS ver. that i am using is not supporting this single/multi login features. And i am going to use this RADIUS b'coz its free. How can i Restrict my customers for single login and multi-login into my cisco router. B'coz using the above radius and netcents i cannot block multi user login in my network. Can u guys suggest some solution using the above only s/w's. And I am creating users in netcents+radius and these users are not the router users. Is their any way thru cisco router commands to restrict my customers for single login? Thanks in advance. waiting for your reply. kind regards vikas patel _ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
