[cisco-nas] include extra attribute in the auth request

[Tassos Chatzithomaoglou]

Oliver Boehmer (oboehmer) wrote on 6/4/2006 12:25 πμ:
> Tassos Chatzithomaoglou <mailto:achatz at forthnet.gr> wrote on Wednesday,
> April 05, 2006 4:19 PM:
> 
>> Oliver Boehmer (oboehmer) wrote on 5/4/2006 8:05:
>>
>>> Tassos Chatzithomaoglou <> wrote on Tuesday, April 04, 2006 12:32 PM:
>>>
>>>
>>>> Is there a way i can include something extra/unique (besides
>>>> username/password) in the auth request of a ppp client?
>>>>
>>>> I have a cisco 876 making some adsl/isdn calls and i want to have it
>>>> include a user-specified attribute in the dialer auth request. Is
>>>> that possible? 
>>>>
>>>> I'm asking this because i want radius to be able to tell if both the
>>>> adsl & isdn calls originate from the same client.
>>>
>>> You want to configure something at the client so the NAS/BRAS will
>>> include some attributes allowing your Radius server to tell if this
>>> is the same client? To enforce some per-user session-limit, which
>>> allows the ISDN connection even if the PPPoE/DSL session is still up
>>> on the BRAS, I guess?
>> Yep!!! Exactly that one ;)
>>
>> I was looking for something like that on the NAS/BRAS:
>>
>> radius-server attribute XX include-in-access-req
>>
>> where XX is a used-defined (or even better randomly computed by
>> router) attribute on the client side.
> 
> The only thing I can think of is the multilink ED, but we don't send
> this via Radius, and you'd need to enable multilink. And this one can be
> manually configured..
> 
>> I'm trying to implement a backup scenario and i need to have both
>> adsl & isdn active at the same time, as long as their source is
> common.
> 
> what about creating another username which can be used only for ISDN
> backup? You could possibly use nas-port/type to enforce this..
>

That is exactly what i'm trying to avoid, because i don't want to add more complexity on our 
accounting/logistics service.
I was hoping for an easier solution...:(((

Tassos

> 	oli