Ascend Archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: (ASCEND) ISDN on a user by user basis



On Wed, 18 Jun 1997, Steve Camas wrote:

> Hello,
> 
> I was wondering if anyone out there knows of a magic radius user profile
> parameter that would disallow ISDN connectivity on a user by user basis.
> And, if that is possible, is there a way to disallow 2 B channels on a
> user by user basis? 

Here comes one of the answers I received to this question when I asked
this question some time ago.

---


Date: Wed, 19 Mar 1997 09:20:40 -0500 (EST)
From: Todd Vierling <tv@pobox.com>
To: Julian Cowley <julian@pixi.com>
Cc: Henrik Johansson <hj@globecom.net>, ascend-users@bungi.com
Subject: Re: (ASCEND) How to separate modem and ISDN users?

On Tue, 18 Mar 1997, Julian Cowley wrote:

: > I have an Ascend 4000 that handles normal analog modems and ISDN callers
: > on the same phone number. What I want to do is that those that are allowed
: > to connect via modem only, shall not be able to use their users profile to
: > access via ISDN too, but ISDN users should be allowed to connect via both
: > analog and ISDN. Could someone please help me, or direct me where in the
: > Radius manual to look, coz I have been goin over it a few times now, but
: > all it does is make my head spin ;).
:
: Using the stock Ascend RADIUS daemon, you'll have to put in individual
: entries for the ISDN users.  In the default entry, however, you need to
: put this restriction:
: 
: DEFAULT		Password = "UNIX", NAS-Port-Type = Async

Sigh, people still use DEFAULT?  God-why? <grin>

He's right, except that in the case of all users already having an
individualized RADIUS entry, put no NAS-Port-Type in the ISDN entries, and
the NAS-Port-Type listed above in the analog entries.

Alternatively:

One thing people don't know (this is undocumented) is that another
attribute--in the *response packet* part of the RADIUS entry--can also
restrict people to analog-only access versus ISDN.

  userid      Password = "password"
              User-Service = Framed-User,
              Framed-Protocol = PPP,
              Ascend-Data-Svc = Switched-modem

With "Ascend-Data-Svc = Switched-modem", the user will not be able to
connect via ISDN; the MAX will internally reject the call after
authenticating with RADIUS.  No accounting request will be generated on the
reject.  However,

              Ascend-Data-Svc = Switched-64K

does not restrict to 64K ISDN; it actually allows all data services.  We had
to use this for a while when one of our non-Livingston, non-Ascend boxes
didn't know what a NAS-Port-Type was.  :)

=====
== Todd Vierling (Personal tv@pobox.com; Business tv@iag.net) Mmmm, donuts ==
== System administrator/technician, Internet Access Group, Orlando Florida ==
== Dialups in Orange, Volusia, Lake, Osceola counties - http://www.iag.net ==

Henrik Johansson

 -----=<->=-----=</>=-----=<->=-----=<|>=-----=<->=-----=<\>=-----=<->=-----
  Henrik Johansson     email: hj@globecom.net      tel: +46 (0)31-727 57 00
   Systems Manager   mobile: +46 (0)706-25 15 45   fax: +46 (0)31-727 57 15
  GlobeCom Network "When communicating is your need"   http://globecom.net/
 -----=<->=-----=<\>=-----=<->=-----=<|>=-----=<->=-----=</>=-----=<->=-----

++ Ascend Users Mailing List ++
To unsubscribe:	send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd:	<http://www.shore.net/~dreaming/ascend-faq>
or		<ftp://ftp.shore.net/members/dreaming/ascend-faq.txt>


References: