[c-nsp] Is there any Cisco router that can..
Matthew Crocker
matthew at crocker.com
Mon Feb 13 08:16:12 EST 2006
Could you create different virtual firewalls with different policies
in your firewall? If so, can you then attach them to different
VLANs and have your NAS connect the customer to the correct VLAN/
VRF. That way you won't know the user ID but you should know their
class.
-Matt
On Feb 13, 2006, at 1:16 AM, Mohsen A. Momeni wrote:
>> Hi,
>>> use "aaa accounting delay-start", and the NAS will delay the
>>> accounting-start record for PPP sessions until the remote IP address
>>> is known..
>
> I searched more about my problem and I found out that the solution may
> be a function of router, so let me tell you my problem:
> I have configured a cisco router (NAS) to authenticate dialup users
> through a RADIUS server. After authentiucation, the traffic is passed
> to a firewall for traffic control. Now I need to authenticate the
> users (For applying account policies) in firewall but not for the
> second time. Can the router be configured to work with the firewall to
> provide this functionality?
>
> Regards,
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
--
Matthew S. Crocker
Vice President
Crocker Communications, Inc.
Internet Division
PO BOX 710
Greenfield, MA 01302-0710
http://www.crocker.com
More information about the cisco-nsp
mailing list