Aaron at cisco
Dec 10, 2007, 10:43 AM
Post #2 of 2
Re: DDR - delay dialup based on authentication failure?
[In reply to]
"dialer wait-for-line-protocol" will cause dialer to consider upper
layer (e.g. PPP IPCP) success. See
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> ~ Have a situation where a user uses a dial number which only allows
> access between 7AM and 7PM based on a plan that they subscribe to.
> They are currently doing this by making an ISDN call from an cisco 800
> with DDR.
> At 7PM they are disconnected and can not connect until 7AM the next morning.
> Between 7PM and 7AM the following morning, they continually attempt to
> dial into the service causing the lots of authentication failures.
> I can't seem to find a way of delaying the authentication when there is
> a failure, I've looked at the following:
> 1. dialer redial interval
> Seems only to account for redials where the ISDN call did not establish.
> Seems to be useless for when the call was successful but LCP setup was
> 2. ppp max-failure
> Will cause complete disconnection from the service after they exceed the
> maximum number of attempts, this is useless of course, they need manual
> intervention to restore service
> 3. ppp lcp delay X random Y
> Just injects random delay into the LCP, not really useful here I think
> 4. time based ACL for the dialer
> Is kind of useful , other than changing the users profile can no longer
> be done centrally, their configuration needs to be modified
> Does anybody know a way I can rate-limit dial attempts based on PPP LCP
> thanks in advance,
> - --
> David Freedman
> Network Engineering Department
> Claranet UK Limited
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v184.108.40.206 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> -----END PGP SIGNATURE-----
> cisco-nas mailing list
> cisco-nas [at] puck
cisco-nas mailing list
cisco-nas [at] puck