Frank Cui wrote:
Basically we are an education/training environment where we have some students accessing the routers and switches for practise, terminal server are used to consolidate the console access, and these terminal servers authenticate the users through a Radius server (as shown in the following figure). Additionally, the students are categorized into few groups. We want to implement policy on the radius server so that only a certain group can access the pod in a given duration of time (the user should be dropped from the terminal when the subscribed time is reached and cannot access thereafter .)
That should be simple.
However, this doesn't really provide any timing or grouping policy. Could you please provide some hints on how typically the timing limits are enforced with the freeradius and cisco terminal server?
Time limits are set with the Session-Timeout attribute. Past that, you should write down in plain english what you have, and what you want to do. "When I see a packet containing X, I want to reply with Y". Then implement it in "unlang". Alan DeKok.