[nsp] Time limiting ISDN connections
Dave [Hawk-Systems]
dave@hawk-systems.com
Fri, 11 Oct 2002 09:39:36 -0400
We had just gotten that far on the Cisco NAS list... though they didn't come up
with that resource.
Here is a question though. The Cisco 800 series apparently doesn't have a
battery backup for the system clock. when you power the router, the clock resets
to 1900 Sun Feb 28, 1993
If this happens during a weekday (power outage, user playing with switches) this
could result in denied service for a significant period of time.
My guess would be a solution that would set an additional auth time for the
period that the clock reads on bootup, to allow the router to connect and update
its clock via sntp.
access-list 100 permit ip any any time-range BusHours
access-list 100 permit ip any any time-range RebootHours
access-list 100 deny ip any any
!
time-range BusHours
periodic weekdays 6:00 to 18:00
!
time-range RebootHours
absolute start 19:00 28 February 1993 end 20:00 28 February 1993
!
Thanks
Dave
>-----Original Message-----
>From: cisco-nsp-admin@puck.nether.net
>[mailto:cisco-nsp-admin@puck.nether.net]On Behalf Of Josh Duffek
>Sent: Thursday, October 10, 2002 4:16 PM
>To: nicholas harteau; Dave [Hawk-Systems]
>Cc: cisco-nsp@puck.nether.net
>Subject: Re: [nsp] Time limiting ISDN connections
>
>
>lets close the "can of worms"...just remember "time based ddr" when
>searching CCO for this:
>http://www.cisco.com/warp/public/793/access_dial/10.html
>
>joshd.
>
>----- Original Message -----
>From: "nicholas harteau" <nrh@ikami.com>
>To: "Dave [Hawk-Systems]" <dave@hawk-systems.com>
>Cc: <cisco-nsp@puck.nether.net>
>Sent: Wednesday, October 09, 2002 3:04 PM
>Subject: Re: [nsp] Time limiting ISDN connections
>
>
>>
>> You're opening a huge can of worms here. Customers are going to end up
>> redailing and racking up huge phone bills. ISDN redials awfully fast,
>> and that nickel per call can add up amazingly quick.
>>
>> I'd recommend putting a relay inline at the remote end and opening the
>> pairs when you don't want them calling ;)
>>
>> Dave [Hawk-Systems] wrote:
>> > Cisco 800 and 1000 series connecting to AS5300 access server.
>> >
>> > Would like to limit some ISDN clients to "business hours" only, or "off
>peak"
>> > hours.
>> >
>> > With RADIUS we can determine the time of the login request and validate
>against
>> > the hours that client is allowed to be connected and auth or not auth
>based on
>> > that.
>> >
>> > Can we send an AVpair down to the router to instructed it (or the NAS)
>to
>> > disconnect the ISDN call(s) at the appointed time... Say use is allowed
>to log
>> > in from 6am to 6pm... instructed a dialup request at 5pm to disconnect
>in 1
>> > hour.
>> >
>> > Would prefer to initiate from the RADIUS server, and avoid having to
>kick
>> > accounts via SNMP or mannual login to the NAS (messy).
>> >
>> > thanks
>> >
>> > Dave
>> >
>> > _______________________________________________
>> > cisco-nsp mailing list real_name)s@puck.nether.net
>> > http://puck.nether.net/mailman/listinfo/cisco-nsp
>> > archive at http://puck.nether.net/pipermail/cisco-nsp/
>>
>> --
>> nicholas harteau
>> nrh@ikami.com
>>
>> _______________________________________________
>> cisco-nsp mailing list real_name)s@puck.nether.net
>> http://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>
>
>_______________________________________________
>cisco-nsp mailing list real_name)s@puck.nether.net
>http://puck.nether.net/mailman/listinfo/cisco-nsp
>archive at http://puck.nether.net/pipermail/cisco-nsp/
>