[c-nsp] 1k customers down, radius auth on ubr7223
Justin Shore
justin at justinshore.com
Sun Jan 4 13:51:56 EST 2009
Garry wrote:
> Quite a coincidence ... did it take the backups out, too?
I would second this and investigate further. At the very least I would
take steps to secure the data on the servers in question in case it
comes up down the road. Also make absolutely sure that access to the
servers and ubr is restricted to just a couple management IPs, just in
case a disgruntled former tech still has remote access to it. I would
be very specific with the ACLs and specify a couple previously unused
IPs, in case they still have VPN access or some other remote access to
what would normally be considered the management network. You can poke
holes in the filter later once the customers are back up.
>> Can someone quickly tip me as to how to let cable modems work without
>> requiring radius auth? The hardware is ubr7223 ...
Is this CMTS set up for Telco Return? I can't think of any other reason
why you'd need RADIUS. I can't think of any Telco Return systems in
production. I wouldn't call it a normal design, not anymore anyway.
http://www.ciscosystems.com/en/US/docs/cable/cmts/feature/guide/ufg_telc.html
Our CATV environment requires no AUTH from the user. Only registered
CMs (ie, logged in our provisioning system) can pull down an IP. Only
CPEs on registered CMs can pull down an IP at that point. I don't know
how you configure your CMs and ubr for this though. We use Arris CMTSs.
Best of luck
Justin
More information about the cisco-nsp
mailing list