Merit-suggestion: Realm-by-client&port

David Carmean (dave@west.net)
Sat, 4 Nov 1995 14:15:09 -0800 (PST)

With the advent of mixed-service terminal servers like the
Portmaster with BRI cards, the Ascends with optional V.34 modems, etc,
has any thought been given to extending the concept of realm-by-client/NAS
to control access by NAS-Port on a specific (set of) NAS boxes?

For instance, our ISDN customers pay a different rate, and if
I install the Livingston BRI cards in a Portmaster, I'd like to prevent
analog-only customers from using ports 10-29.

Seems like you could extend the format of the clients file to do
something like this:

Client Name Key Ports user/authfile prefix
---------------- -------------- ------- -------------------------
# PM2eR with two 5xBRI cards
pm1.foo.bar ***** [0-9] analog.
pm1.foo.bar ***** [10-29] isdn.
# PM2, all serial/analog.
pm2.foo.bar ******

Now, I don't have access to an Ascend unit with analog modems, so
I don't know how the NAS-Port is reported in that case, and I'm not
sure how extensible this is to other porducts supporting RADIUS...
anybody????

------------------------------------------------------------------------
David Carmean WB6YZM DC574 dave@west.net
System/Network Administrator, WestNet Communications, Inc.
PGP Key Fingerprint: CD 1C C1 15 3E E3 1D 41 ED C2 3E A8 D6 29 BD C4
------------------------------------------------------------------------