Using FreeRadius to coordinate access to cisco routers based on time

Alan DeKok aland at
Fri May 23 17:52:36 CEST 2014

Frank Cui wrote:
> Basically we are an education/training environment where we have some
> students accessing the routers and switches for practise, terminal
> server are used to consolidate the console access, and these terminal
> servers authenticate the users through a Radius server (as shown in the
> following figure). Additionally, the students are categorized into few
> groups. We want to implement policy on the radius server so that only a
> certain group can access the pod in a given duration of time (the user
> should be dropped from the terminal when the subscribed time is reached
> and cannot access thereafter .) 

  That should be simple.

> However, this doesn't really provide any timing or grouping policy.
> Could you please provide some hints on how typically the timing limits
> are enforced with the freeradius and cisco terminal server?

  Time limits are set with the Session-Timeout attribute.

  Past that, you should write down in plain english what you have, and
what you want to do.

  "When I see a packet containing X, I want to reply with Y".

  Then implement it in "unlang".

  Alan DeKok.

More information about the Freeradius-Users mailing list