[cisco-nas] DDR - delay dialup based on authentication failure?
David Freedman
david.freedman at uk.clara.net
Mon Dec 10 13:34:16 EST 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
~ Have a situation where a user uses a dial number which only allows
access between 7AM and 7PM based on a plan that they subscribe to.
They are currently doing this by making an ISDN call from an cisco 800
with DDR.
At 7PM they are disconnected and can not connect until 7AM the next morning.
Between 7PM and 7AM the following morning, they continually attempt to
dial into the service causing the lots of authentication failures.
I can't seem to find a way of delaying the authentication when there is
a failure, I've looked at the following:
1. dialer redial interval
Seems only to account for redials where the ISDN call did not establish.
Seems to be useless for when the call was successful but LCP setup was
rejected.
2. ppp max-failure
Will cause complete disconnection from the service after they exceed the
maximum number of attempts, this is useless of course, they need manual
intervention to restore service
3. ppp lcp delay X random Y
Just injects random delay into the LCP, not really useful here I think
4. time based ACL for the dialer
Is kind of useful , other than changing the users profile can no longer
be done centrally, their configuration needs to be modified
Does anybody know a way I can rate-limit dial attempts based on PPP LCP
failure?
thanks in advance,
- --
David Freedman
Network Engineering Department
Claranet UK Limited
http://www.clara.net
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFHXYaotFWeqpgEZrIRAjpEAKC/6sqK6gG8nePUSkZxPREelN4u2gCfV+78
0ssrMFhvmeqIPr7kAFMQz7g=
=mj3d
-----END PGP SIGNATURE-----
More information about the cisco-nas
mailing list