[cisco-nas] DDR - delay dialup based on authentication failure?

Aaron Leonard Aaron at cisco.com
Mon Dec 10 13:43:04 EST 2007


Hi David,

"dialer wait-for-line-protocol" will cause dialer to consider upper 
layer (e.g. PPP IPCP) success.  See 
http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a0080087bba.html#xtocid150369 
.

Hth,

Aaron

----

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi,
>
> ~ Have a situation where a user uses a dial number which only allows
> access between 7AM and 7PM based on a plan that they subscribe to.
>
> They are currently doing this by making an ISDN call from an cisco 800
> with DDR.
>
> At 7PM they are disconnected and can not connect until 7AM the next morning.
>
> Between 7PM and 7AM the following morning, they continually attempt to
> dial into the service causing the lots of authentication failures.
>
> I can't seem to find a way of delaying the authentication when there is
> a failure, I've looked at the following:
>
> 1. dialer redial interval
>
> Seems only to account for redials where the ISDN call did not establish.
> Seems to be useless for when the call was successful but LCP setup was
> rejected.
>
> 2. ppp max-failure
>
> Will cause complete disconnection from the service after they exceed the
> maximum number of attempts, this is useless of course, they need manual
> intervention to restore service
>
> 3. ppp lcp delay X random Y
>
> Just injects random delay into the LCP, not really useful here I think
>
> 4. time based ACL for the dialer
>
> Is kind of useful , other than changing the users profile can no longer
> be done centrally, their configuration needs to be modified
>
>
> Does anybody know a way I can rate-limit dial attempts based on PPP LCP
> failure?
>
> thanks in advance,
>
>
> - --
> David Freedman
> Network Engineering Department
> Claranet UK Limited
> http://www.clara.net
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.2.2 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFHXYaotFWeqpgEZrIRAjpEAKC/6sqK6gG8nePUSkZxPREelN4u2gCfV+78
> 0ssrMFhvmeqIPr7kAFMQz7g=
> =mj3d
> -----END PGP SIGNATURE-----
> _______________________________________________
> cisco-nas mailing list
> cisco-nas at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nas
>   



More information about the cisco-nas mailing list