Radius attributes necessary for PPP connection into Cisco modem-bank

Mike Partyka mike.partyka at jumpnode.com
Thu Jun 16 23:03:57 CEST 2005


On Jun 16, 2005, at 2:15 PM, Alan DeKok wrote:

> Mike Partyka <Mike.Partyka at jumpnode.com> wrote:..
>
>   Please don't CC me.  I already get enough mail.

Sorry i think i just replied then just before sending thought i CC  
the list. i won't do that again.
>
>
>> The modem dials out to the Cisco modem bank, the modem bank (i am
>> guessing here, as i am not this far) is configured to authenticate
>> against Radius. Radius is configured to talk to Mysql and uses a
>> query that checks the username/password, based on the exit status it
>> accepts or denies the connection request to the modem.
>>
>
>   Yes... (barring the "exit status" confusion)
>
Maybe that was a bad way to describe it, but i really just mean  
accept connection if the userame/password returns true deny if the  
query returns false.
>
>> As i said my PPP knowledge is weak, but isn't what i described part
>> of the PAP/CHAP handshake process that Radius is configured to use?
>>
>
>   No.  Your model does PPP, as does the other end.  You do PAP/CHAP
> over PPP.  The other end takes that PAP/CHAP, and puts it into RADIUS.

I see, thanks for the clarification.
>
>   *Your* end never sees the RADIUS packets, and never talks to the
> MySQL server.  You original post made it sound like that's what you
> wanted to do.

Ahh, i see why you said it would never work, my initial post wasn't a  
good description.
>
>   If you control the Cisco modem bank and the RADIUS server, then you
> can configure the RADIUS server to send the "right" attributes back to
> the Cisco bank.
>
>   It SHOULD do this by default.  Also, consult the Cisco documentation
> to see what attributes it needs to establish a PPP connection, and
> then make FreeRADIUS send those attributes.
An excellent tip and not one i had considered, thanks again.

Regards,





More information about the Freeradius-Users mailing list