Hi Paul, 

	I thought the request was to block those without caller-ID/CLID
	In which case, Ethernet>Answer>Id Auth=CLID Require

	would do what you want since it will immediately drop all calls
	which do not present CLID, and refer to the RADIUS server for
	the rest.

	Darkshot was also asking particularly about Wildcard matching
	which is exclusively in the domain of the RADIUS server.

	Most RADIUS servers have a DEFAULT user mechanism, which could be
set
	to (the equivalent of):

	DEFAULT Password="Ascend-CLID", Service-Type=Outbound
	Ascend-Require-Auth=Require-Auth
	
	All users with CLID are accepted, and all without are dropped.

	even if you cannot (or don't want to) do wildcards, you can 
	selectively put in the peoples' clids.

	84139139 Password="Ascend-CLID", Service-Type=Outbound # Greg's CLID
	Ascend-Require-Auth=Require-Auth

	This is in the manuals.

		Greg 

> -----Original Message-----
> From: Paul Gregg [mailto:lists-mail-isp-ascend-users at pgregg.com]
> Sent: Tuesday, August 28, 2001 9:48 PM
> To: ascend-users at bungi.com
> Subject: Re: (ASCEND) Way to block no caller ID?
> 
> 
> No, I don't believe it is possible - nor is it what he asked 
> for in the
> first place. The capabilities of the RADIUS server, although 
> important,
> have nothing to do with the NAS.
> 
> He wants to block specific numbers at pre-auth stage.  (As do I)
> I also want to accept calls both with and without CLID presented.
> I *always* want to authenticate with username and password.
> 
> 
> You can pre-auth the CLID - however, the NAS just gets back 
> an Accept or
> a Deny.  If it gets a Deny, then the unit drops the call.  If 
> it gets an
> Accept then the call is accepted *but* no further username/password is
> required - not good.
> 
> CLID-First - if CLID is available - the call is both accepted and
> 	authenticated on any available CLID.
> 	If the RADIUS reponds with a DENY, then the user can login with
> 	username & password.		Thus not ideal for us.
> 
> CLID-Prefer - This should be the one we want if we have the 
> RADIUS send back
> 	a Ascend-Require-Auth = Require-Auth as the DEFAULT 
> response then
> 	the APX should accept the call, then do username/pw 
> auth - except
> 	it doesn't, it simply acts as CLID first.
> 
> CLID-Require and CLID-Fallback both require CLID and so are 
> not suitable.
> 
> 
> Now, fortunately I'm using Radiator RADIUS and so can modify 
> my PostAuthHook
> to turn an Accept into a Deny for denied CLIDs.
> 
> "Surely, the abuser can withhold their clid and still connect 
> then"?  You
> might say, yes they can and we don't have a problem with that 
> since all
> CLID withheld dialins have a *very* restrictive filter placed 
> on the dialup
> so they can't do anything except browse the web through our 
> caches and pick
> up email (sending denied).
> 
> I'm on an APX ver 9.0.2.
> 
> Paul Gregg
> 
> 
> In article 
> <FAC5C492D24ED511853B00508BB3A0201ECC60 at AU3014EXCH001U> you wrote:
> > 
> > 
> > 	This is easy to do with pre-authentication on the MAX.
> > 
> > 	If the call comes in with a CLID which is not recognized
> > 	(no clid would be one of those), you drop the call before it
> > 	even answers.
> > 
> > 	This is detailed in the TAOS Radius reference guide,
> > 	Max Security Supplement and the MAX Network
> > 	Configuration Guide.
> > 
> > 		Greg 
> > 
> >> -----Original Message-----
> >> From: Darkshot's Lists [mailto:dfl at chudys.com]
> >> Sent: Wednesday, August 22, 2001 12:08 AM
> >> To: ascend-users at bungi.com
> >> Subject: (ASCEND) Way to block no caller ID?
> >> 
> >> 
> >> Is there a way on the Max 4K/6K or   in Radius somehow to
> >> simply refuse to connect a call that has their caller ID
> >> blocked?   Any help/info appreciated-
> >> 
> >> Thanks!
> >> 'Shot
> >> 
> >> ++ Ascend Users Mailing List ++
> >> To unsubscribe:	send unsubscribe to 
> >> ascend-users-request at bungi.com
> >> Archives: http://www.nexial.com/mailinglists/
> >> 
> > ++ Ascend Users Mailing List ++
> > To unsubscribe:	send unsubscribe to 
> ascend-users-request at bungi.com
> > Archives: http://www.nexial.com/mailinglists/
> > 
> 
> -- 
> -- 
> | Paul Gregg			|T: +44 (0) 28 90424190
> | Technical Director		|F: +44 (0) 28 90424709
> | The Internet Business Ltd	|W: http://www.tibus.com
> | Holywood House, Innis Court	|E: info at tibus.com
> | Holywood, Co Down, BT18 9HF	|P: pgregg at tibus.com
> 
> ++ Ascend Users Mailing List ++
> To unsubscribe:	send unsubscribe to 
> ascend-users-request at bungi.com
> Archives: http://www.nexial.com/mailinglists/
> 
++ Ascend Users Mailing List ++
To unsubscribe:	send unsubscribe to ascend-users-request at bungi.com
Archives: http://www.nexial.com/mailinglists/