Hello--
We have Ascend NASes and a Cisco router that has other NASes connected to it via L2F
tunnels. We are trying to restrict who can telnet to the Cisco router. Previously, we
did not have the NASes connected to the Cisco so access was restricted by placing the
Cisco in a separate realm pointing to a users file that only the users allowed on the
router were in. The Ascend NASes were in another realm pointing to a separate users
file that all of the dialup users authenticated from.
However, now we have dialup users coming through the Cisco from external NASes and
this will not work and essentially anyone could telnet to the router.
First, we created a common users file and used a check item of Service-Type = Framed
User and set administrators(those who needed access to the Cisco) with no Service-Type
check item so they could telnet to the router OR dial in via ppp. But now we realize
(much to our dismay)that we have users who dial into the Ascend's TermSrv with Linux
and older Macs that utilize scripts. When accessing this way the Service-Type is
passed as Login-User and not Framed User.
Does anyone have ideas on this? Essentially we want only a few users telnet access to
the Cisco yet still allow the script users their method of access. I have looked
through the archive some but really I don't know the best way to search for this
issue. Are we approaching this correctly by utilizing check items?
TIA
Frank
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
