Using a MAX2000 (5.0Ap33) and AscendAccessControl (1.0Ai7). I had a number of users who were entered in the AccessControl user file using Caller-ID for authentication. e.g. (where xxxxxxxxxx is the users telephone id presented by the telco) xxxxxxxxxxx Password = "Ascend-CLID", Service-Type=Framed Ascend-Require-Auth = Not-Require-Auth, Ascend-Assign-IP-Pool = 1, Ascend-Route-IP = Route-IP-Yes Unfortunately it appears that if a random user makes a call (I used NT RAS), from any location, specifying the telephone number as the username and Ascend-CLID as the password they are authenticated and get a connection to the network. This is not the desired behaviour :( If I setup two-tier authentication that requires a password then this hole doesn't exist, but I then require to enter individual usernames and passwords for each user and have a separate 2nd-tier entry for each different Calling-Station-ID. This in turn requires configuring my remote devices (which is actually quite tricky in my application) to have an individual identity - i.e. suddenly I have to put in significantly more support resources... This doesn't happen when the connection profile is local rather than using Radius. Is there something obvious I am missing in setting up Radius, or is this a large security hole I had fallen into? philip ross system support Xerox Research Centre Europe ++ Ascend Users Mailing List ++ To unsubscribe: send unsubscribe to ascend-users-request@bungi.com To get FAQ'd: <<A HREF="http://www.nealis.net/ascend/faq">http://www.nealis.net/ascend/faq</A>> </PRE> <!--X-MsgBody-End--> <!--X-Follow-Ups--> <HR> <STRONG>Follow-Ups</STRONG>: <UL> <LI><STRONG><A HREF="msg10236.html">Re: (ASCEND) Radius and CLID security problem</A></STRONG></LI> <UL> <LI><EM>From</EM>: De Vries Marc <"MARC.DE VRIES"@btmaa.bel.alcatel.be></LI> </UL> </UL> <!--X-Follow-Ups-End--> <!--X-References--> <!--X-References-End--> <!--X-BotPNI--> <HR> <UL> <LI>Prev by Date: <STRONG><A HREF="msg10230.html">Re: (ASCEND) Ideas: Next Release Ap28 or Ap29</A></STRONG> </LI> <LI>Next by Date: <STRONG><A HREF="msg10228.html">Re: (ASCEND) 5.1Ap4 for the Pipelines</A></STRONG> </LI> <LI>Prev by thread: <STRONG><A HREF="msg10226.html">Re: (ASCEND) Re: Suggested LQM settings? (fwd)</A></STRONG> </LI> <LI>Next by thread: <STRONG><A HREF="msg10236.html">Re: (ASCEND) Radius and CLID security problem</A></STRONG> </LI> <LI>Index(es): <UL> <LI><A HREF="maillist.html#10229"><STRONG>Main</STRONG></A></LI> <LI><A HREF="thrd222.html#10229"><STRONG>Thread</STRONG></A></LI> </UL> </LI> </UL> <!--X-BotPNI-End--> <!--X-User-Footer--> <!--X-User-Footer-End--> </BODY> </HTML>