[nsp] Time limiting ISDN connections

nicholas harteau nrh@ikami.com
Thu, 10 Oct 2002 15:20:39 -0500


Dial on demand is great, but if you're denying auth on the receiving
end, you're still running too high a risk if you ask me.  Simple
configuration mistakes and desyncronized clocks become very expensive
mistakes.

Though it seems all this has been mitigated in this particular case, so
hurrah!

Josh Duffek wrote:
> lets close the "can of worms"...just remember "time based ddr" when
> searching CCO for this:
> http://www.cisco.com/warp/public/793/access_dial/10.html
> 
> joshd.
> 
> ----- Original Message -----
> From: "nicholas harteau" <nrh@ikami.com>
> To: "Dave [Hawk-Systems]" <dave@hawk-systems.com>
> Cc: <cisco-nsp@puck.nether.net>
> Sent: Wednesday, October 09, 2002 3:04 PM
> Subject: Re: [nsp] Time limiting ISDN connections
> 
> 
> >
> > You're opening a huge can of worms here.  Customers are going to end up
> > redailing and racking up huge phone bills.  ISDN redials awfully fast,
> > and that nickel per call can add up amazingly quick.
> >
> > I'd recommend putting a relay inline at the remote end and opening the
> > pairs when you don't want them calling ;)
> >
> > Dave [Hawk-Systems] wrote:
> > > Cisco 800 and 1000 series connecting to AS5300 access server.
> > >
> > > Would like to limit some ISDN clients to "business hours" only, or "off
> peak"
> > > hours.
> > >
> > > With RADIUS we can determine the time of the login request and validate
> against
> > > the hours that client is allowed to be connected and auth or not auth
> based on
> > > that.
> > >
> > > Can we send an AVpair down to the router to instructed it (or the NAS)
> to
> > > disconnect the ISDN call(s) at the appointed time...  Say use is allowed
> to log
> > > in from 6am to 6pm...  instructed a dialup request at 5pm to disconnect
> in 1
> > > hour.
> > >
> > > Would prefer to initiate from the RADIUS server, and avoid having to
> kick
> > > accounts via SNMP or mannual login to the NAS (messy).
> > >
> > > thanks
> > >
> > > Dave
> > >
> > > _______________________________________________
> > > cisco-nsp mailing list  real_name)s@puck.nether.net
> > > http://puck.nether.net/mailman/listinfo/cisco-nsp
> > > archive at http://puck.nether.net/pipermail/cisco-nsp/
> >
> > --
> > nicholas harteau
> > nrh@ikami.com
> >
> > _______________________________________________
> > cisco-nsp mailing list  real_name)s@puck.nether.net
> > http://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
> >

-- 
nicholas harteau
nrh@ikami.com