Re: Radius, Cisco 1600 and Windows Clients
On Mi, 16.03.2005, 15:02, Agustín Ciciliani sagte:
> Dear Christian,
>
> Thanks for your answer. I thought in PPPoE... Even though I couldn't
> implement it in a
> 1600, could you give some ideas about how to configure it?
>
> Agustín
For radius I used radiusd-cistron.
Christian
>-------------------- snip ---------------------<
aaa new-model
aaa authentication login VTY line
aaa authentication ppp default group radius
aaa authorization network default group radius none
aaa accounting network default start-stop group radius
vpdn enable
vpdn-group pppoe
accept-dialin
protocol pppoe
virtual-template 1
interface Loopback0
ip address 192.168.1.1
interface Virtual-Template1
ip unnumbered Loopback0
peer default ip address pool dynadd
ppp authentication chap
ip local pool dynadd 192.168.1.2 192.168.1.100
radius-server host 192.168.100.1 auth-port 1812 acct-port 1813
radius-server key 0 verysecret
>-------------------- snip ---------------------<
>
> ----- Original Message -----
> From: "Christian Storch" <storch@infra.net>
> To: <debian-isp@lists.debian.org>
> Sent: Tuesday, March 15, 2005 6:19 PM
> Subject: Re: Radius, Cisco 1600 and Windows Clients
>
>
>> Jesse Molina wrote:
>> > Ah, everything just got much more complicated.
>> >
>> > You are going to need an authentication and access control system.
>> > Something like you would use in an Internet Cafe or wireless access
>> > point or something. A lot depends upon your equipment, the goals of
>> > the solution, and budget.
>> >
>>
>> Perhaps authenticating all users by a PPPoE session could be an option?
>> I've done it with a 3600' cisco to offer a compatible interface to
>> former
>> dsl users (without modem). AFAIK its not possible with a 1600.
>>
>> Christian
>>
>>
>>
>> > On Mon, Mar 14, 2005 at 01:35:13PM -0300, Agust?n Ciciliani wrote:
>> >
>> >>Dear Jesse,
>> >>Let me tell you all the idea then...
>> >>I'm working for an ISP, so the top goal for us would be that we could
>> authenticate the
>> >>user by IP, MAC, username and password, and only if all this is
>> correct for that
> client,
>> >>we allow him to access Internet, but with all services (ftp, ssh, web,
>> pop3, smtp,
> etc.)
>> >>no just http. Something else that we need is to allow him just for
>> some time, lets say
> for
>> >>example during the night, or for an hour...
>> >>
>> >>We don't care what kind of packets our users will traffic. We only
>> want to control if
> he
>> >>is able to access all the Internet or not and for how much time...
>> >>
>> >>I thought in freeradius because I can mantein the clients data in a
>> mysql database and
> as
>> >>I could read my network has all what it's needed, but if you say I
>> have to use
> somenthing
>> >>else you are the expert here!
>> >>Let me say that I'm really gratefull for your help! I hope we can make
>> all this work.
>> >>Thanks again,
>> >>
>> >>Agustin
>> >>
>>
>> ...
>>
>>
>> --
>> To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org
>> with a subject of "unsubscribe". Trouble? Contact
>> listmaster@lists.debian.org
>>
>>
>>
>>
>
>
> --
> To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact
> listmaster@lists.debian.org
>
>
Reply to: