Using FreeRadius to coordinate access to cisco routers based on time
Alan DeKok
aland at deployingradius.com
Fri May 23 17:52:36 CEST 2014
Frank Cui wrote:
> Basically we are an education/training environment where we have some
> students accessing the routers and switches for practise, terminal
> server are used to consolidate the console access, and these terminal
> servers authenticate the users through a Radius server (as shown in the
> following figure). Additionally, the students are categorized into few
> groups. We want to implement policy on the radius server so that only a
> certain group can access the pod in a given duration of time (the user
> should be dropped from the terminal when the subscribed time is reached
> and cannot access thereafter .)
That should be simple.
> However, this doesn't really provide any timing or grouping policy.
> Could you please provide some hints on how typically the timing limits
> are enforced with the freeradius and cisco terminal server?
Time limits are set with the Session-Timeout attribute.
Past that, you should write down in plain english what you have, and
what you want to do.
"When I see a packet containing X, I want to reply with Y".
Then implement it in "unlang".
Alan DeKok.
More information about the Freeradius-Users
mailing list