No, I don't believe it is possible - nor is it what he asked for in the
first place. The capabilities of the RADIUS server, although important,
have nothing to do with the NAS.

He wants to block specific numbers at pre-auth stage.  (As do I)
I also want to accept calls both with and without CLID presented.
I *always* want to authenticate with username and password.


You can pre-auth the CLID - however, the NAS just gets back an Accept or
a Deny.  If it gets a Deny, then the unit drops the call.  If it gets an
Accept then the call is accepted *but* no further username/password is
required - not good.

CLID-First - if CLID is available - the call is both accepted and
	authenticated on any available CLID.
	If the RADIUS reponds with a DENY, then the user can login with
	username & password.		Thus not ideal for us.

CLID-Prefer - This should be the one we want if we have the RADIUS send back
	a Ascend-Require-Auth = Require-Auth as the DEFAULT response then
	the APX should accept the call, then do username/pw auth - except
	it doesn't, it simply acts as CLID first.

CLID-Require and CLID-Fallback both require CLID and so are not suitable.


Now, fortunately I'm using Radiator RADIUS and so can modify my PostAuthHook
to turn an Accept into a Deny for denied CLIDs.

"Surely, the abuser can withhold their clid and still connect then"?  You
might say, yes they can and we don't have a problem with that since all
CLID withheld dialins have a *very* restrictive filter placed on the dialup
so they can't do anything except browse the web through our caches and pick
up email (sending denied).

I'm on an APX ver 9.0.2.

Paul Gregg


In article <FAC5C492D24ED511853B00508BB3A0201ECC60 at AU3014EXCH001U> you wrote:
> 
> 
> 	This is easy to do with pre-authentication on the MAX.
> 
> 	If the call comes in with a CLID which is not recognized
> 	(no clid would be one of those), you drop the call before it
> 	even answers.
> 
> 	This is detailed in the TAOS Radius reference guide,
> 	Max Security Supplement and the MAX Network
> 	Configuration Guide.
> 
> 		Greg 
> 
>> -----Original Message-----
>> From: Darkshot's Lists [mailto:dfl at chudys.com]
>> Sent: Wednesday, August 22, 2001 12:08 AM
>> To: ascend-users at bungi.com
>> Subject: (ASCEND) Way to block no caller ID?
>> 
>> 
>> Is there a way on the Max 4K/6K or   in Radius somehow to
>> simply refuse to connect a call that has their caller ID
>> blocked?   Any help/info appreciated-
>> 
>> Thanks!
>> 'Shot
>> 
>> ++ Ascend Users Mailing List ++
>> To unsubscribe:	send unsubscribe to 
>> ascend-users-request at bungi.com
>> Archives: http://www.nexial.com/mailinglists/
>> 
> ++ Ascend Users Mailing List ++
> To unsubscribe:	send unsubscribe to ascend-users-request at bungi.com
> Archives: http://www.nexial.com/mailinglists/
> 

-- 
-- 
| Paul Gregg			|T: +44 (0) 28 90424190
| Technical Director		|F: +44 (0) 28 90424709
| The Internet Business Ltd	|W: http://www.tibus.com
| Holywood House, Innis Court	|E: info at tibus.com
| Holywood, Co Down, BT18 9HF	|P: pgregg at tibus.com

++ Ascend Users Mailing List ++
To unsubscribe:	send unsubscribe to ascend-users-request at bungi.com
Archives: http://www.nexial.com/mailinglists/