Using FreeRadius to coordinate access to cisco routers based on time

Alan DeKok aland at
Fri May 23 19:17:17 CEST 2014

Frank Cui wrote:
> I have tested to change the user config file to be :
> cisco Auth-Type := System
>       Service-Type = NAS-Prompt-User,
>       Cisco-AVPair = "shell:priv-lvl=15",
>       Session-Timeout = 20

  Which is 20 seconds.  Probably not what you want.

> But it doesn't seem to resolve the problem, not sure if the Cisco
> terminal server requires any special configs other than the following :
> aaa new-model
> aaa authentication login default group radius local none
> aaa authorization exec default group radius if-authenticated 
> aaa accounting exec default start-stop group radius
> aaa accounting network default start-stop group radius
> aaa accounting connection default start-stop group radius

  The NAS might not pay attention to Session-Timeout.  NASes are like

  Alan DeKok.

More information about the Freeradius-Users mailing list