[c-nsp] redirect

Anthony D Cennami acennami at neupath.com
Sun Feb 27 10:24:03 EST 2005


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I have performed similar, only I did so by way of policy routing (by
source) and Realm DHCP to assign IPs based on users group and level of
authentication.

This allows you some swing room in who's coming over your network, where
they're routed to (next-hop) and allows for dynamic state changes when a
user "signs up" or what have you.

ACL wasn't really necessary as the default was for a user to get an
unroutable network that was next-hop'ed to a sandbox.


Wim De Houwer wrote:
| Shouldn't be necessary if you implement an ACL to allow only access to
| the ip of the web server
| (if the user is a little smarter, he'll read the message on the site and
| do what you ask),
|
| we also wrote a pop3 server which would send the same mail always when
| the user pops his mail.
|
| This way you have several ways to get the announcement across
|
| Cheers,
|
| Wim
|
| -----Original Message-----
| From: Anthony D Cennami [mailto:acennami at neupath.com]
| Sent: zondag 27 februari 2005 0:22
| To: Wim De Houwer
| Cc: Cisco-Nsp
| Subject: Re: [c-nsp] redirect
|
| Except when someone smart enough realizes what's going on and uses their
| own DNS servers.  An application like this needs to be used in
| conjunction with some form of policy routing or proxying.
|
|
| Wim De Houwer wrote:
| | Simplest thing is what we call a 'walled garden'
| |
| | Set-up A dns server which responds with the same address whatever you
| | ask it.
| | Set-up a web server with only one page on it (don't use external links
| | and also think about 404's and stuff).
| | Provide that dns server (and an acl, allowing access to only that ip)
| | via your radius.
| |
| | Done ...
| |
| | Cheers,
| |
| | Wim
| |
| | -----Original Message-----
| | From: Corneliu Tanasa [mailto:ctanasa at i-net.ro]
| | Sent: zaterdag 26 februari 2005 20:53
| | To: 'Melvin C. Etheridge'; 'Cisco-Nsp'
| | Subject: RE: [c-nsp] redirect
| |
| | What exactly do you want to achieve?  To restrict them to access a
| | certain
| | web page? Or that whatever they type into the browser to be redirected
| | to
| | the same page?
| | C
| |
| | -----Original Message-----
| | From: cisco-nsp-bounces at puck.nether.net
| | [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Melvin C.
| | Etheridge
| | Sent: Saturday, February 26, 2005 6:08 PM
| | To: Cisco-Nsp
| | Subject: [c-nsp] redirect
| |
| | How do I force dialup users to just one web page on a 5300?
| |
| | Thanks,
| |
| | Mel
| | _______________________________________________
| | cisco-nsp mailing list  cisco-nsp at puck.nether.net
| | https://puck.nether.net/mailman/listinfo/cisco-nsp
| | archive at http://puck.nether.net/pipermail/cisco-nsp/
| |
| |
| | _______________________________________________
| | cisco-nsp mailing list  cisco-nsp at puck.nether.net
| | https://puck.nether.net/mailman/listinfo/cisco-nsp
| | archive at http://puck.nether.net/pipermail/cisco-nsp/
| |
| |
| | _______________________________________________
| | cisco-nsp mailing list  cisco-nsp at puck.nether.net
| | https://puck.nether.net/mailman/listinfo/cisco-nsp
| | archive at http://puck.nether.net/pipermail/cisco-nsp/
|
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (MingW32)

iD8DBQFCIeYT7cvhxFHN1r0RAkJpAKDss8pT+WixK5hHopn74yDu/uuY8gCfTS3J
qioxv+15AQd92nCghRiHF0k=
=f34v
-----END PGP SIGNATURE-----


More information about the cisco-nsp mailing list