Ascend Archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: (ASCEND) ISDN on a user by user basis
On Wed, 18 Jun 1997, Steve Camas wrote:
> Hello,
>
> I was wondering if anyone out there knows of a magic radius user profile
> parameter that would disallow ISDN connectivity on a user by user basis.
> And, if that is possible, is there a way to disallow 2 B channels on a
> user by user basis?
Here comes one of the answers I received to this question when I asked
this question some time ago.
---
Date: Wed, 19 Mar 1997 09:20:40 -0500 (EST)
From: Todd Vierling <tv@pobox.com>
To: Julian Cowley <julian@pixi.com>
Cc: Henrik Johansson <hj@globecom.net>, ascend-users@bungi.com
Subject: Re: (ASCEND) How to separate modem and ISDN users?
On Tue, 18 Mar 1997, Julian Cowley wrote:
: > I have an Ascend 4000 that handles normal analog modems and ISDN callers
: > on the same phone number. What I want to do is that those that are allowed
: > to connect via modem only, shall not be able to use their users profile to
: > access via ISDN too, but ISDN users should be allowed to connect via both
: > analog and ISDN. Could someone please help me, or direct me where in the
: > Radius manual to look, coz I have been goin over it a few times now, but
: > all it does is make my head spin ;).
:
: Using the stock Ascend RADIUS daemon, you'll have to put in individual
: entries for the ISDN users. In the default entry, however, you need to
: put this restriction:
:
: DEFAULT Password = "UNIX", NAS-Port-Type = Async
Sigh, people still use DEFAULT? God-why? <grin>
He's right, except that in the case of all users already having an
individualized RADIUS entry, put no NAS-Port-Type in the ISDN entries, and
the NAS-Port-Type listed above in the analog entries.
Alternatively:
One thing people don't know (this is undocumented) is that another
attribute--in the *response packet* part of the RADIUS entry--can also
restrict people to analog-only access versus ISDN.
userid Password = "password"
User-Service = Framed-User,
Framed-Protocol = PPP,
Ascend-Data-Svc = Switched-modem
With "Ascend-Data-Svc = Switched-modem", the user will not be able to
connect via ISDN; the MAX will internally reject the call after
authenticating with RADIUS. No accounting request will be generated on the
reject. However,
Ascend-Data-Svc = Switched-64K
does not restrict to 64K ISDN; it actually allows all data services. We had
to use this for a while when one of our non-Livingston, non-Ascend boxes
didn't know what a NAS-Port-Type was. :)
=====
== Todd Vierling (Personal tv@pobox.com; Business tv@iag.net) Mmmm, donuts ==
== System administrator/technician, Internet Access Group, Orlando Florida ==
== Dialups in Orange, Volusia, Lake, Osceola counties - http://www.iag.net ==
Henrik Johansson
-----=<->=-----=</>=-----=<->=-----=<|>=-----=<->=-----=<\>=-----=<->=-----
Henrik Johansson email: hj@globecom.net tel: +46 (0)31-727 57 00
Systems Manager mobile: +46 (0)706-25 15 45 fax: +46 (0)31-727 57 15
GlobeCom Network "When communicating is your need" http://globecom.net/
-----=<->=-----=<\>=-----=<->=-----=<|>=-----=<->=-----=</>=-----=<->=-----
++ Ascend Users Mailing List ++
To unsubscribe: send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd: <http://www.shore.net/~dreaming/ascend-faq>
or <ftp://ftp.shore.net/members/dreaming/ascend-faq.txt>
References: