Restrict tel-numbers for Dial-Out with AS5300 using RADIUS

[DerStephan]

Hi,

We have a AS5300 with a MICA modem and some work-pc's that have Dialout EZ installed on them, so the people can use the MICA modem remotely to make dial-outs. The users are authenticatet using Cisco Secure ACS.
Is it possible to restrict the dialable telephone numbers for thease workers? Maybe in the profile for them on Cisco Secure or directly on the AS5300?

Many thanks in advance

Stephan

 

[rtfmdude]

stephan,

errr...I don't think so. I thought real hard on this. (heh)

the problem is that dialout ez initiates a reverse telnet to a mica on a binary port, if I remember correctly, and the only time radius is invoked is when the connection is established - radius doesn't do anything after that. The rest is all AT commandset stuff to the mica.

the ONLY thing I can think of is that if you knew the 'bad' numbers, or could create a wildcard-ish match somehow is to configure the 'isdn map address' command under the PRI interfaces(if you're doing isdn and not cas) to -break- the calls that you don't want, like, let's say calls going to 1-800-863-5478. I think you could do something like this:

!
interface serial 1/0:23
...
isdn map address 18008635478 plan ermes type international
...
!

or, for all 1800 numbers, something like:

isdn map address 1800* plan ermes type international

ermes is some sorta u.k. thing and type international is telling the network that this is an international call. I suppose this could actually go overseas, but I doubt it - hopefully, the telco is like, 'wtf?' and rejects that call since you screwed up the plan and type. Play with the plan and type values if that doesn't work.

http://tinyurl.com/csozc

(command ref for isdn map)