[Ascend] Re: (ASCEND) Dynamic filters via RADIUS

Thu May 31 11:32:05 CDT 2001

In article <20010531092420.D31192 at HiWAAY.net> you wrote:
> Once upon a time, Paul Gregg <lists-mail-isp-ascend-users at pgregg.com> said:
>> I understand you can return a Filter-Id = "filtername" to use a predefined
>> filter on the NAS, or you can return a load of Ascend-Data-Filter = "ip ..."
>> lines to supply the filter with the AuthReply.
>> However, I can't seem to make the APX request a filter from the Radius
>> server - I don't want to modify every user entry to add filters to
>> every line - and it would be a real pain to change the filter over a load of
>> users, so defining a few standard filters which can be changed in one place
>> is much preferred.
> 
> If you are using Ascend's RADIUS server (or Cistron RADIUS with my patch
> from http://www.iruntheinter.net/files/cistron/), you can use
> Ascend-Data-Filter attributes to your RADIUS users file to construct
> filters like:
> 
> someuser	Password = "xxxxxxxx"
> 		Framed-IP-Address = 10.1.1.1,
> 		Framed-IP-Netmask = 255.255.255.0,
> 		Ascend-Data-Filter = "ip in forward srcip 10.1.1.0/24",
> 		Ascend-Data-Filter = "generic in drop 0 0 0",
>                 Idle-Timeout = 300
> 
> We use these for anti-spoofing.

Thanks, but I thought I had already shown that I knew that.  What I wanted
to do was be able to reply with Filter-Id = "userfilter",
and if the APX doesn't have "userfilter" it would generate a RADIUS
auth request for Username "userfilter" Password "ascend" and my radius
would reply with multiple Ascend-Data-Filter =  lines...

I specifically *don't* want to do what you are suggesting, as I noted, it'll
be a real PITA to update a single standard type filter across multiple
users (I've got > 20,000 to worry about).

The APX manuals suggest this is possible, but I can't get it to work.

Paul.
-- 
| Paul Gregg			|T: +44 (0) 28 90424190
| Technical Director		|F: +44 (0) 28 90424709
| The Internet Business Ltd	|W: http://www.tibus.com
| Holywood House, Innis Court	|E: info at tibus.com
| Holywood, Co Down, BT18 9HF	|P: pgregg at tibus.com

++ Ascend Users Mailing List ++
To unsubscribe:	send unsubscribe to ascend-users-request at bungi.com
Archives: http://www.nexial.com/mailinglists/