[cisco-nas] include extra attribute in the auth request

Oliver Boehmer (oboehmer) oboehmer at cisco.com
Wed Apr 5 17:25:49 EDT 2006


Tassos Chatzithomaoglou <mailto:achatz at forthnet.gr> wrote on Wednesday,
April 05, 2006 4:19 PM:

> Oliver Boehmer (oboehmer) wrote on 5/4/2006 8:05:
> 
>> Tassos Chatzithomaoglou <> wrote on Tuesday, April 04, 2006 12:32 PM:
>> 
>> 
>>> Is there a way i can include something extra/unique (besides
>>> username/password) in the auth request of a ppp client?
>>> 
>>> I have a cisco 876 making some adsl/isdn calls and i want to have it
>>> include a user-specified attribute in the dialer auth request. Is
>>> that possible? 
>>> 
>>> I'm asking this because i want radius to be able to tell if both the
>>> adsl & isdn calls originate from the same client.
>> 
>> 
>> You want to configure something at the client so the NAS/BRAS will
>> include some attributes allowing your Radius server to tell if this
>> is the same client? To enforce some per-user session-limit, which
>> allows the ISDN connection even if the PPPoE/DSL session is still up
>> on the BRAS, I guess?
> 
> Yep!!! Exactly that one ;)
> 
> I was looking for something like that on the NAS/BRAS:
> 
> radius-server attribute XX include-in-access-req
> 
> where XX is a used-defined (or even better randomly computed by
> router) attribute on the client side.

The only thing I can think of is the multilink ED, but we don't send
this via Radius, and you'd need to enable multilink. And this one can be
manually configured..

> I'm trying to implement a backup scenario and i need to have both
> adsl & isdn active at the same time, as long as their source is
common.

what about creating another username which can be used only for ISDN
backup? You could possibly use nas-port/type to enforce this..

	oli



More information about the cisco-nas mailing list