--- Jason.Carpenter@citadelgroup.com wrote: That's the problem isn't it? Who decides what can and cant go through. I think the tier approach is better, a basic user account where everything is blocked and a Sysadmin type account where everything is open. If the price is different enough then only people who are going to use those extra ports will actually pay for it. ---------------------------------------------------- We need to take this off-line. All long timers are groaning, rolling their eyes and putting this in their kill file. Try convincing your product managers to create a new product just to appease 'sysadmin types'. scott
Scott Weeks wrote:
We need to take this off-line. All long timers are groaning, rolling their eyes and putting this in their kill file.
Are the long-timers groaning and ignoring this thread? I certainly hope not. It's threads like these that need the benefit of their experience the most. Perhaps the long-timers could recommend a better destination for queries like these because I have more questions I want to ask (my next being about walled gardens). If they're tired of answering the same threads over and over again, then the query must be common enough to warrant a BCP or at the very least a couple documents in a knowledgebase somewhere. Perhaps my Google-fu isn't what it used to be but I couldn't manage to find any relevant docs online; not even a NANOG presentation.
Try convincing your product managers to create a new product just to appease 'sysadmin types'.
We're not in the business of alienating any customers. If we can create a bundle that meets a group of potential customers' needs we will. It's just another paragraph on the sales literature that we give our CSRs and a little more work that I'll have to do in configuration. I'm planning on rolling out SOHO and Gamer packages this year. Adding a SysAdmin package wouldn't be much additional work. I predict the adoption rate to be the highest with the Gamer package, followed by the SOHO package and finally the SysAdmin package. I hope this thread isn't destined for an untimely death. I've received a number of off-list queries for summary information because those individuals are also interested in customer-facing ACLs. The information I have to summarize at this point is brief and incomplete. Justin
On Fri, Mar 07, 2008, Justin Shore wrote:
Scott Weeks wrote:
We need to take this off-line. All long timers are groaning, rolling their eyes and putting this in their kill file.
Are the long-timers groaning and ignoring this thread? I certainly hope not. It's threads like these that need the benefit of their experience the most. Perhaps the long-timers could recommend a better destination for queries like these because I have more questions I want to ask (my next being about walled gardens). If they're tired of answering the same threads over and over again, then the query must be common enough to warrant a BCP or at the very least a couple documents in a knowledgebase somewhere. Perhaps my Google-fu isn't what it used to be but I couldn't manage to find any relevant docs online; not even a NANOG presentation.
*waves* hai, I'm not an old-timer, but I'm still peripherally involved in this. As another poster pointed out, the access-list (and shaping! heh) rules available via RADIUS Vendor AV extensions are very, very useful. The little ISP I poke from time to time makes extensive use of them. The accounting software has some rudimentary profile support, so there's various "types" of customers which get certain RADIUS attributes. This allows for "smart", "home", "business", and "adrian" users. Each gets different ACLs and shaping rules. There's a "walled garden" subnet for clients who haven't paid their bills. I haven't yet sat down and figured out how to drop users into a VRF based on something in the RADIUS reply, as this'd make for some very useful VPN and walled garden implementations, but its certainly on my todo list. Right after "figure out IPv6", which is next on my list. Those running larger Cisco bbagg setups aren't rolling the old-school RADIUS authentication; Cisco apparently have some "better" stuff available now. I can't comment on its effectiveness for accounting/authorisation/filtering.
Try convincing your product managers to create a new product just to appease 'sysadmin types'.
We're not in the business of alienating any customers. If we can create a bundle that meets a group of potential customers' needs we will. It's just another paragraph on the sales literature that we give our CSRs and a little more work that I'll have to do in configuration. I'm planning on rolling out SOHO and Gamer packages this year. Adding a SysAdmin package wouldn't be much additional work. I predict the adoption rate to be the highest with the Gamer package, followed by the SOHO package and finally the SysAdmin package.
I hope this thread isn't destined for an untimely death. I've received a number of off-list queries for summary information because those individuals are also interested in customer-facing ACLs. The information I have to summarize at this point is brief and incomplete.
I'll update the NANOG Wiki with whatever information pops up. Amusingly, a newish WISP out here in Western Australia seems to have not implemented this sort of stuff, and wireless clients on the same node can see other local customers. I think their CPE device is a "bridge", and this is about as dangerous as it sounds. It would be nice to have a BCP or presentation covering the how's and why's for the newer entrants into ths market. (Although that said, why would you help them? In business, you may just want (some of) your competitors to fail. :) Adrian
participants (3)
-
Adrian Chadd
-
Justin Shore
-
Scott Weeks