Mailing List Archive

DDR - delay dialup based on authentication failure?

Hi,

Have a situation where a user uses a dial number which only allows
access between 7AM and 7PM based on a plan that they subscribe to.

They are currently doing this by making an ISDN call from a Cisco 800
with DDR.

At 7PM they are disconnected and can not connect until 7AM the next morning.

Between 7PM and 7AM the following morning, they continually attempt to
dial into the service, causing lots of authentication failures.

I can't seem to find a way of delaying the authentication when there is
a failure, I've looked at the following:

1. dialer redial interval

Seems only to account for redials where the ISDN call did not establish.
Seems to be useless for when the call was successful but LCP setup was
rejected.

2. ppp max-failure

Will cause complete disconnection from the service after they exceed the
maximum number of attempts, this is useless of course, they need manual
intervention to restore service

3. ppp lcp delay X random Y

Just injects random delay into the LCP, not really useful here I think

4. time based ACL for the dialer

Is kind of useful, other than changing the user's profile can no longer
be done centrally, their configuration needs to be modified


Does anybody know a way I can rate-limit dial attempts based on PPP LCP
failure?

thanks in advance,


--
David Freedman
Network Engineering Department
Claranet UK Limited
http://www.clara.net
_______________________________________________
cisco-nas mailing list
cisco-nas@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nas
Re: DDR - delay dialup based on authentication failure?
Hi David,

"dialer wait-for-line-protocol" will cause dialer to consider upper
layer (e.g. PPP IPCP) success. See
http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a0080087bba.html#xtocid150369
.

Hth,

Aaron
