[cisco-nas] Autocommand PAD over ISDN
Aaron Leonard
Aaron at cisco.com
Wed May 13 11:30:53 EDT 2009
Hi Geert,
>> username 5554446164 nopassword dnis
>>
>
> What exactly does this do? "use the called-number as user name"?
>
Yes.
> How does this play together with the "aaa authentication login ... radius",
> that is "which username and password will radius see"?
>
Well, this is a local username. I.e. the idea is that with:
aaa authentication login ... local
aaa authorization exec ... local
username 5554446164 nopassword dnis
username 5554446164 autocommand telnet 1.2.3.4
Then: when a client dials into 5554446164, the session will
automatically login as user "5554446164", then automatically execute the
command "telnet 1.2.3.4".
If someone dials into a number that does *not* have a "username <number>
dnis" entry, then that session will be presented with the regular
Username: prompt.
Now, if you want to mix in RADIUS ... there are a couple of approaches.
With something like:
aaa authentication login ... local radius
then matching local users (including DNIS users) will go thru local
authentication / authorization. Non-matching users will go thru RADIUS.
If you want to control everything from RADIUS ... you could do something
similar, with RADIUS preauthentication and cisco-avpair =
"shell:autocmd=telnet 1.2.3.4"
> amazed and curious,
>
> gert
>
Cheers,
Aaron
More information about the cisco-nas
mailing list