From owner-freebsd-isp Wed Jul 2 08:59:42 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id IAA11623 for isp-outgoing; Wed, 2 Jul 1997 08:59:42 -0700 (PDT) Received: from skipper.epsilon.nl (skipper.epsilon.nl [194.178.91.12]) by hub.freebsd.org (8.8.5/8.8.5) with SMTP id IAA11614 for ; Wed, 2 Jul 1997 08:59:36 -0700 (PDT) Received: from wampie (wampie.bART.nl [194.158.168.50]) by skipper.epsilon.nl (8.6.12/8.6.12) with SMTP id RAA27973; Wed, 2 Jul 1997 17:43:13 +0200 Message-Id: <199707021543.RAA27973@skipper.epsilon.nl> X-Mailer: Microsoft Outlook Express 4.71.0544.0 From: "Jouke Dijkstra" To: "Aleksei Davidenko" , "Penisoara Adrian" Cc: Subject: Re: Cisco 2509 and Tacacs+ Filtering Date: Wed, 2 Jul 1997 17:39:31 +0200 X-Priority: 3 X-MSMail-Priority: Normal MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-MimeOLE: Produced By Microsoft MimeOLE Engine V4.71.0544.0 Sender: owner-isp@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk >> Can I in TACACS+ server or in FreeBSD deny some >> TCP/IP or UDP services for modem accounts through Cisco 2509 RAS ? >Good question, I was about to ask this too, I'll need that answer myself >too... > > How about some guru to shed some light on this item ? Please ... > And further more, please indicate me some links to documentation related >to TACAS+ & Cisco Access router. Thanks. > Well, I don't think I can call myself a guru, but the following might be of your interest, a little tweak of the configuration I used once: user = user { member = mail_only chap = cleartext password } group = mail_only { member = default service = ppp protocol = ip { inacl=101 outacl=102 } } group = default { your default stuff goes here } This shows only a very limited part of the posibilities of tac+, but I think this is the part you're interested in. If you have any other questions to ask concerning tacacs+, don't feel afraid to ask! - Jouke Dijkstra bART System Administrator