связка Cisco (Dialup Server) + WIN 2000 (Radius Server)
При дозвоне пользователей WIN все нормально работает, правильно раздает и недает пользователям самостоятельно брать IP адреса.

Но вот появилась необходимость Backup канала из филлиала на эту связку
все настроил, работает, но как оказалось если дозванивается роутер, и у него есть свой IP адрес соединение все равно устанавливается

Server Config:

aaa authentication login default local group radius enable
aaa authentication ppp default local group radius
aaa authorization network default local group radius if-authenticated

chat-script cscb ABORT ERROR "" "AT Z" OK "ATDPw \T"  TIMEOUT 60 CONNECT \c
chat-script csoh "" "ATH1" OK

interface Async1
description Dialup aux UsRobotics
bandwidth 28
ip address 192.168.0.1 255.255.255.0
ip nat inside
encapsulation ppp
no ip mroute-cache
no logging event link-status
async default routing
async mode dedicated
peer default ip address pool Dialup_Remote
no fair-queue
ppp max-bad-auth 3
ppp callback permit
ppp authentication pap

ip local pool Dialup_Remote 192.168.0.2 192.168.0.8

radius-server host 192.168.1.254 auth-port 1645 acct-port 1646
radius-server key Cisco

line aux 0
location Dialup Aux UsRobotics
access-class RemoteADM in
script dialer cscb
script modem-off-hook csoh
script callback cscb
modem InOut
exec-character-bits 8
special-character-bits 8
transport preferred none
transport input telnet ssh
escape-character BREAK
stopbits 1
speed 38400
flowcontrol hardware

Client Config:

chat-script RESET "" "ATZ" "OK" ""
chat-script dial ABORT ERROR ABORT BUSY "" AT OK "ATDT\T" TIMEOUT 30 CONNECT

interface Async1
bandwidth 28
ip address 192.168.0.56 255.255.255.0
ip accounting output-packets
encapsulation ppp
no ip mroute-cache
no logging event link-status
dialer in-band
dialer map ip 172.20.1.0 name Server NNNNNN
dialer watch-disable 20
dialer watch-group 1
dialer-group 1
async mode dedicated
peer default ip address 192.168.0.1
no fair-queue
ppp max-bad-auth 3
ppp authentication pap
ppp pap sent-username Client password Client
routing dynamic

access-list 101 deny   eigrp any any
access-list 101 permit ip any any
dialer watch-list 1 ip 172.20.1.0 255.255.255.0
dialer watch-list 1 delay route-check initial 30
dialer watch-list 1 delay connect 120
dialer watch-list 1 delay disconnect 30
dialer-list 1 protocol ip list 101

Debug Server:

Dec 26 14:44:48: As1 PPP: Phase is UP
Dec 26 14:44:48: As1 IPCP: O CONFREQ [Closed] id 1 len 10
Dec 26 14:44:48: As1 IPCP:    Address 192.168.0.1 (0x03060A0B0001)
Dec 26 14:44:48: As1 PPP: Process pending ncp packets
Dec 26 14:44:48: As1 IPCP: I CONFREQ [REQsent] id 1 len 10
Dec 26 14:44:48: As1 IPCP:    Address 192.168.0.56 (0x03060A0B0101)
Dec 26 14:44:48: As1 AAA/AUTHOR/IPCP: Start.  Her address 192.168.0.56, we want 0.0.0.0
Dec 26 14:44:48: RADIUS/ENCODE(00000045): send packet; PASS
Dec 26 14:44:48: As1 AAA/AUTHOR/IPCP: Done.  Her address 192.168.0.56, we want 192.168.0.21
Dec 26 14:44:48: As1 IPCP: O CONFNAK [REQsent] id 1 len 10
Dec 26 14:44:48: As1 IPCP:    Address 192.168.0.21 (0x03060A0B011E)
Dec 26 14:44:48: As1 IPCP: I CONFACK [REQsent] id 1 len 10
Dec 26 14:44:48: As1 IPCP:    Address 192.168.0.1 (0x03060A0B0001)
Dec 26 14:44:48: As1 PPP: Outbound ip packet dropped, IPCP state is ACKrcvd
Dec 26 14:44:49: As1 IPCP: I CONFREQ [ACKrcvd] id 2 len 4
Dec 26 14:44:49: As1 AAA/AUTHOR/IPCP: Start.  Her address 0.0.0.0, we want 192.168.0.21
Dec 26 14:44:49: As1 AAA/AUTHOR/IPCP: Done.  Her address 0.0.0.0, we want 192.168.0.21
Dec 26 14:44:49: As1 IPCP: O CONFACK [ACKrcvd] id 2 len 4
Dec 26 14:44:49: As1 IPCP: State is Open
Dec 26 14:44:49: As1 IPCP: Install route to 192.168.0.21
Dec 26 14:44:49: As1 IPCP: Add link info for cef entry 192.168.0.21

Пользователю Client на RADIUS сервере соответствуев адрес 192.168.0.21
Подскажите пожалуйста как настроить сервер, чтобы он не устанавливал соединения с теми клиентами которые пытаются установить  свой IP адрес на PPP.

• Dialup + Radius, AiratX, 15:12 , 26-Дек-05, (1)