[cisco-nas] Autocommand PAD over ISDN

bordin at cetrel.lu bordin at cetrel.lu
Mon May 18 11:42:08 EDT 2009


Hello,

Finally, I used another solution than aaa+username.
Because, with my configuration (resource-pool enable), the AAA 
authorization always sends the call to the service "resource-management", 
then a profile is needed.
When I define resource-pool to disable, your method works well, but I need 
resource-pool.

Then I used a resource-pool profile + vty-async virtual-template, and I 
added:



aaa authentication login EMPTY none
aaa authorization exec EMPTY none

line vty 5 7
 authorization exec EMPTY
 login authentication EMPTY

And it works. 
It's not logical because a modem is used and a vty is used, but it works. 
I installed the setup in production.

Thank you very much for your information.


Patrick






Aaron Leonard <Aaron at cisco.com>
13/05/2009 20:09

To: Gert Doering <gert at greenie.muc.de>
cc: bordin at Cetrel.LU, cisco-nas at puck.nether.net
Subject: Re: [cisco-nas] Autocommand PAD over ISDN









>>> How does this play together with the "aaa authentication login ... radius",
>>> that is "which username and password will radius see"?
>>> 
>> Well, this is a local username.  I.e. the idea is that with:
>>
>> aaa authentication login ... local
>> aaa authorization exec ... local
>> username 5554446164 nopassword dnis
>> username 5554446164 autocommand telnet 1.2.3.4
>>
>> Then: when a client dials into 5554446164, the session will
>> automatically login as user "5554446164", then automatically execute the
>> command "telnet 1.2.3.4".
>> 
>
> Even more fascinating :-)
>
> I have been a bit out of touch with "dial technologies on routers" for
> the last few years, and the amount of singing and dancing you can do 
> with Cisco dial-in boxes keeps amazing me.
>
> (Is there a "book of magic" somewhere?  Of course there's reference 
> documentation for all these commands - but that won't tell you what
> magic tricks you can do with the right combination of stuff...)
>
> gert
> 

Well ... I've been pretty much out of the "dial technologies on routers"
business myself, since '03 or so (I now focus on 802.11.)  But generally
speaking, it hasn't changed any since then.

The best general overview of setting up modem services on AS5000 routers
is given in the "Cisco AS5x00 Case Study for Basic IP Modem Services". 
This document has alas gone missing from cisco.com, but it can still be
found for the nonce here, thanks to hsdn.org, whoever they are:
http://noc.hsdn.org/files/univercd/cc/td/doc/product/access/acs_serv/as5800/sw_conf/ax5xip/index.htm

That said ... for obscure stuff such as character mode operation (rather
than PPP) ... the best tips are the ones that reside in my private
folder internal to Cisco :-(

Aaron
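
A configuration check for the settings discussed in this thread, as an added example that is not part of the original messages: it flags line blocks bound to an AAA method list whose first method is `none`, and `username ... nopassword` entries. The sample config is constructed from the commands quoted above; the `DIAL` list, the `line vty 0 4` block and the helper names `audit` and `kind_of` are assumptions.

```python
import re

# Constructed sample from the commands quoted in this thread; DIAL and "line vty 0 4" are assumed.
SAMPLE_CONFIG = """\
aaa authentication login EMPTY none
aaa authorization exec EMPTY none
aaa authentication login DIAL local
username 5554446164 nopassword dnis
username 5554446164 autocommand telnet 1.2.3.4
line vty 0 4
 login authentication DIAL
line vty 5 7
 authorization exec EMPTY
 login authentication EMPTY
"""

AAA_RE = re.compile(r"^aaa (authentication login|authorization exec) (\S+) (.+)$")
USE_RE = re.compile(r"^(login authentication|authorization exec) (\S+)$")
USER_RE = re.compile(r"^username (\S+) nopassword\b")

def kind_of(phrase):
    return "authentication" if "authentication" in phrase else "authorization"

def audit(config):
    """Return (scope, finding) pairs for an IOS configuration text (hypothetical helper)."""
    lines = [l for l in config.splitlines() if l.strip() and not l.strip().startswith("!")]
    # Pass 1: named method lists whose first method is "none" never ask for credentials.
    open_lists = set()
    for raw in lines:
        m = AAA_RE.match(raw.strip())
        if m and m.group(3).split()[0] == "none":
            open_lists.add((kind_of(m.group(1)), m.group(2)))
    # Pass 2: report line blocks bound to such a list, and nopassword users.
    findings, current = [], None
    for raw in lines:
        text = raw.strip()
        if not raw[0].isspace():  # a top-level command closes the previous line block
            current = text if text.startswith("line ") else None
        m = USER_RE.match(text)
        if m:
            findings.append(("username " + m.group(1), "nopassword"))
        m = USE_RE.match(text)
        if m and current and (kind_of(m.group(1)), m.group(2)) in open_lists:
            findings.append((current, kind_of(m.group(1)) + " list " + m.group(2) + " is none"))
    return findings

if __name__ == "__main__":
    for scope, finding in audit(SAMPLE_CONFIG):
        print(scope + ": " + finding)
```

The check only looks at named method lists; lines that fall back to the `default` list are not evaluated.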

