<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META NAME="Generator" CONTENT="MS Exchange Server version 6.5.7232.36">
<TITLE>[SPAM] - Re: [cisco-bba] Redirection to WWW determined by AVP - Email found in subject</TITLE>
</HEAD>
<BODY>
<DIV id=idOWAReplyText52607 dir=ltr>
<DIV dir=ltr><FONT face=Arial color=#000000 size=2>Hi,</FONT></DIV>
<DIV dir=ltr><FONT face=Arial size=2></FONT> </DIV>
<DIV dir=ltr><FONT face=Arial size=2>This is kinda what I have been looking at
over the past few weeks, but have been distracted with other things and not
really got my head around it.</FONT></DIV>
<DIV dir=ltr><FONT face=Arial size=2></FONT> </DIV>
<DIV dir=ltr><FONT face=Arial size=2>We have a lot of DSL customers with static
IPs & routed blocks... now how could I apply it?</FONT></DIV>
<DIV dir=ltr><FONT face=Arial size=2></FONT> </DIV>
<DIV dir=ltr><FONT face=Arial size=2>Static IPs I could change their IP to a
private 10.100.x.x IP then once paid change it back... scripting that is
easy.... but for customers with routed blocks... how could I do
that..</FONT></DIV>
<DIV dir=ltr><FONT face=Arial size=2></FONT> </DIV>
<DIV dir=ltr><FONT face=Arial size=2>Could you not do it with an access list
& avpair?</FONT></DIV>
<DIV dir=ltr><FONT face=Arial size=2></FONT> </DIV>
<DIV dir=ltr><FONT face=Arial size=2>Regards,</FONT></DIV>
<DIV dir=ltr><FONT face=Arial size=2></FONT> </DIV>
<DIV dir=ltr><FONT face=Arial size=2>Alex</FONT></DIV></DIV>
<DIV dir=ltr><BR>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> cisco-bba-bounces@puck.nether.net on
behalf of Ian Henderson<BR><B>Sent:</B> Sun 10/07/2005 06:29<BR><B>To:</B> Mark
Tohill<BR><B>Cc:</B> cisco-bba@puck.nether.net<BR><B>Subject:</B> [SPAM] - Re:
[cisco-bba] Redirection to WWW determined by AVP - Email found in
subject<BR></FONT><BR></DIV>
<DIV>
<P><FONT size=2>On Fri, 8 Jul 2005, Mark Tohill wrote:<BR><BR>> Thought that
this would be moving towards Policy-Based-Routing, routing<BR>> on source
rather than destination. Is this a possibility, or is there a<BR>> smarter
way to implement this via RADIUS?<BR><BR>Assign the users you wish to redirect a
block of RFC1918 address space<BR>when they login. This address space is
policy-routed to your 'playpen'<BR>machine. This is how we do it for customers
who are suspended or have to<BR>change their dial number or
similar.<BR><BR>access-list 98 remark *** Playpen<BR>access-list 98 permit
10.100.0.0 0.0.255.255<BR>!<BR>route-map PLAYPEN permit 5<BR> match ip
address 98<BR> set ip next-hop 10.13.102.1<BR>!<BR>route-map PLAYPEN permit
20<BR><BR>The next hop can either be your web server, or a tunnel towards a
router<BR>on the same subnet.<BR><BR>The only drawback to this approach is the
customer has to disconnect to<BR>get 'real' Internet access once they're done
paying their bill/agreeing to<BR>the T&C's/etc.<BR><BR>Other suggestions
include:<BR><BR>- Use a VRF with a different default route. You'd still need the
directly<BR> connected web server, or a tunnel to it, or MPLS to get
traffic to go<BR> the right direction.<BR><BR>- Investigate Cisco's SSG
stuff. I only know Marketing-speak about it, but<BR> apparently it does
exactly what you're after. Multiple services are<BR> defined ('Internet',
'Playpen', 'Free Gaming only', etc). RADIUS<BR> authenticates the user
when they want to access each service (defined by<BR> IP address or
interface) giving access based on business rules. So if I<BR> understand
the whole thing correctly, you could put all users by default<BR> in the
'Playpen' service, then only let the signed up customers access<BR>
anything else.<BR><BR>- If you already transparently cache users, intercept them
here using an<BR> LDAP lookup or
similar.<BR><BR>Rgds,<BR><BR><BR><BR><BR>- I.<BR><BR>--<BR>Ian Henderson, CCIE
#14721<BR>Senior Network Engineer<BR><BR>iiNet Limited<BR>Chime Communications
Pty Ltd<BR></FONT></P></DIV>
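<DIV>
<P>Added example, not part of the thread or written by its participants: a small Python evaluator for the access-list and route-map posted above, showing which source addresses are policy-routed to the playpen next hop. The sample source addresses are constructed; the check relies on a standard ACL matching the packet's source address, so a host sending from inside a routed block is not caught by access-list 98 as written.</P>

```python
import ipaddress

# Configuration lines as posted in the thread above.
CONFIG = """\
access-list 98 remark *** Playpen
access-list 98 permit 10.100.0.0 0.0.255.255
!
route-map PLAYPEN permit 5
 match ip address 98
 set ip next-hop 10.13.102.1
!
route-map PLAYPEN permit 20
"""

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def parse(config):
    """Parse 'permit/deny <addr> <wildcard>' standard ACLs and route-map entries."""
    acls, rmap, entry = {}, [], None
    for line in config.splitlines():
        w = line.split()
        if w[:1] == ["access-list"] and w[2] in ("permit", "deny"):
            wild = _ip(w[4]) if len(w) > 4 else 0
            acls.setdefault(w[1], []).append((w[2], _ip(w[3]), wild))
        elif w[:1] == ["route-map"]:
            entry = {"action": w[2], "seq": int(w[3]), "acl": None, "next_hop": None}
            rmap.append(entry)
        elif w[:3] == ["match", "ip", "address"]:
            entry["acl"] = w[3]
        elif w[:3] == ["set", "ip", "next-hop"]:
            entry["next_hop"] = w[3]
    return acls, rmap

def acl_permits(acl, src):
    """First matching line wins; wildcard bits set to 1 are ignored."""
    for action, base, wild in acl:
        if ((src ^ base) & ~wild & 0xFFFFFFFF) == 0:
            return action == "permit"
    return False  # implicit deny at the end of every ACL

def policy_next_hop(src, acls, rmap):
    """Return the forced next hop for a source address, or None for normal routing."""
    for entry in sorted(rmap, key=lambda e: e["seq"]):
        if entry["acl"] is None or acl_permits(acls[entry["acl"]], _ip(src)):
            return entry["next_hop"] if entry["action"] == "permit" else None
    return None

if __name__ == "__main__":
    acls, rmap = parse(CONFIG)
    # Constructed sources: playpen pool address, routed-block host, neighbouring /16.
    for src in ("10.100.4.20", "203.0.113.9", "10.101.0.1"):
        print(src, "->", policy_next_hop(src, acls, rmap) or "normal routing")
```
</DIV>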
</BODY>
</HTML>