Once upon a time, Paul Gregg <lists-mail-isp-ascend-users at pgregg.com> said: > I understand you can return a Filter-Id = "filtername" to use a predefined > filter on the NAS, or you can return a load of Ascend-Data-Filter = "ip ..." > lines to supply the filter with the AuthReply. > However, I can't seem to make the APX request a filter from the Radius > server - I don't want to modify every user entry to add filters to > every line - and it would be a real pain to change the filter over a load of > users, so defining a few standard filters which can be changed in one place > is much preferred. If you are using Ascend's RADIUS server (or Cistron RADIUS with my patch from http://www.iruntheinter.net/files/cistron/), you can use Ascend-Data-Filter attributes to your RADIUS users file to construct filters like: someuser Password = "xxxxxxxx" Framed-IP-Address = 10.1.1.1, Framed-IP-Netmask = 255.255.255.0, Ascend-Data-Filter = "ip in forward srcip 10.1.1.0/24", Ascend-Data-Filter = "generic in drop 0 0 0", Idle-Timeout = 300 We use these for anti-spoofing. -- Chris Adams <cmadams at hiwaay.net> Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble. ++ Ascend Users Mailing List ++ To unsubscribe: send unsubscribe to ascend-users-request at bungi.com Archives: http://www.nexial.com/mailinglists/