* This is the VOP Radius mailing list *
Mike,
While I have never used an AS5300 in production, perhaps I can offer some suggestions
that might lead you to a solution. As was already mentioned, you could just assign a
different IP range for the demo users and set up an ACL that limits that IP range to
your internal systems.

The other two ways that I am aware of that you could do it with a RADIUS attribute would
be to use the generic filter-id attribute or the vendor-specific Cisco cisco-avpair
attributes. The filter-id attribute works by creating ACLs for the incoming and
outgoing traffic you want filtered and then setting up a filter-id attribute for the demo
users where filter-id is <acl>.in and/or <acl>.out, where <acl> is your ACL number (or
name). If memory serves, filter-id does not work with ISDN connections.

The other way to do it is with cisco-avpair and the group setting. Your config would
look something like this (no guarantee this would be exact):

DEFAULT NAS-IP-Address = 192.168.1.1, Auth-Type = Check_SYSTEM, Group = signup_only
    Framed-Protocol = PPP,
    Framed-MTU = 768,
    Idle-Timeout = 60,
    Framed-Compression = Van-Jacobson-TCP-IP,
    Session-Timeout = 7200,
    cisco-avpair = "ip:inacl#1=permit host 192.168.1.2",
    cisco-avpair = "ip:inacl#2=deny any",
    Fall-Through = No

I hope this helps lead you towards a solution.
-Robert Maynard
[EMAIL PROTECTED]
----- Original Message -----
From: Mike McTee
Sent: 3/31/2003 11:50:30 AM
To: [EMAIL PROTECTED]
Subject: [VOP RADIUS] Assigning Radius Attributes
> Is there a way through assigning attributes in VOP Radius Profiles to
> limit a dialup customer to only being able to http to a specific URL or
> IP Address?
>
>
>
> I need a way to prevent our Setup CD from allowing customers to browse
> anywhere except our setup website. We've experienced customers that can
> somehow end up with the username/password of the Setup CD set as their
> default connection on their machine and they end up surfing on our dime!
>
>
>
> Thanks in advance,
>
> Mike McTee
>
> Internet Systems Technician
>
> Eastex Net (www.eastex.net)
>
**
To leave this list, send an email to [EMAIL PROTECTED]
and put the word "LEAVE" in the BODY of the email.
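
Added example, not part of the original thread and not taken from VOP Radius or Cisco documentation for this setup: a sketch of the filter-id approach described in the reply, with the ACL defined on the NAS and referenced from the RADIUS profile. The ACL number 110 and the DNS server address 192.168.1.3 are constructed values, and the users-file entry simply mirrors the one in the message, so its exact syntax for VOP Radius is an assumption.

```text
! --- On the AS5300 (Cisco IOS) ---
aaa new-model
aaa authentication ppp default group radius
! Network authorization is what makes IOS apply per-user reply
! attributes such as Filter-Id to the dial-in session
aaa authorization network default group radius
!
! ACL 110 (constructed number): web traffic to the setup site only.
! 192.168.1.2 is the permitted host from the entry in the message.
access-list 110 permit tcp any host 192.168.1.2 eq www
! Name lookups, so the setup URL can resolve.
! 192.168.1.3 is a constructed DNS server address.
access-list 110 permit udp any host 192.168.1.3 eq domain
! Explicit final deny; "log" records attempts to reach anything else
access-list 110 deny ip any any log

# --- RADIUS users file entry, modelled on the one in the message ---
# "110.in" applies ACL 110 to traffic arriving from the dial-up user
DEFAULT NAS-IP-Address = 192.168.1.1, Auth-Type = Check_SYSTEM, Group = signup_only
    Framed-Protocol = PPP,
    Idle-Timeout = 60,
    Session-Timeout = 7200,
    Filter-Id = "110.in",
    Fall-Through = No
```

With a setup-account session connected, `show ip access-lists 110` on the NAS shows per-line match counters, which confirms the filter is attached and shows whether the deny line is catching traffic.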