I'm having a heck of a time putting together the correct RADIUS attribute/value pairs to successfully filter a particular user.

Here's my setup:

    Max 400x running 5.0ap5 (runs great)
    Ascend RADIUS (with some heavy mods which are completely unrelated)
    Ascend/Livingston RADIUS dictionaries have been merged - no trouble there.

The maxes are loaded with either 12-mod cards or 8-mod cards on T1 lines. The Maxen have a very simple setup, they only bring in the dialup traffic to our LAN, so the routing is really simple on the inside of the MAX.

Here's what I'm trying to do:

Specify in RADIUS a filter for a user to allow them only to connect to port 53 (dns) of one machine on our LAN, with either tcp or udp, and no icmp anywhere.

Here's a sample filter I created which will filter out all ICMP traffic coming from the dialup user "willp2". It's a regular PPP connection, and the netmask is all bits high, which is just right, and this filter works just fine. Whenever I've tried to put in a dstip aa.bb.cc.dd or dstip aa.bb.cc.dd/xx, the filter does not work as intended.

Here's the sample ICMP filter. (Useful if you have a user who sends pingfloods, I suppose.)

willp2  Password = "UNIX"
        User-Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-Netmask = 255.255.255.255,
        Framed-Routing = None,
        Framed-MTU = 1500,
        Ascend-Data-Filter = "ip in forward tcp",
        Ascend-Data-Filter = "ip in forward udp",
        Ascend-Data-Filter = "ip out drop icmp",
        Ascend-Data-Filter = "ip out forward"

If anyone has any sample IP filters that work, I'd love to see what the proper syntax, ordering, parameters, or whatever it is I'm doing wrong is supposed to be. The max manual is pretty flakey on filters-via-RADIUS user profiles.

Thanks in advance!

-Will

--
Will Pierce
System Administrator
Dreamscape Online, LLC.
willp@dreamscape.com

++ Ascend Users Mailing List ++
To unsubscribe: send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd: <http://www.shore.net/~dreaming/ascend-faq>
or <ftp://ftp.shore.net/members/dreaming/ascend-faq.txt>
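Added example, not part of the original post and not Ascend's code: a small offline checker that parses Ascend-Data-Filter "ip" strings and evaluates an ordered rule list against a packet, so a profile can be sanity-checked before it goes into the users file. Assumptions: the token order in the parse() docstring, "in" meaning traffic arriving from the dial-up user, first match wins, and a packet that matches no rule for its direction is dropped. DNS_ONLY is a constructed profile using the placeholder address 192.0.2.53, and none of this has been checked against a MAX running 5.0ap5.

```python
import ipaddress

PROTO = {"icmp": 1, "tcp": 6, "udp": 17}
CMP = {"=": lambda a, b: a == b, "!=": lambda a, b: a != b,
       "<": lambda a, b: a < b, ">": lambda a, b: a > b}

def parse(rule):
    """Assumed grammar: ip <in|out> <forward|drop> [dstip a/n] [srcip a/n] [proto [dstport cmp n]]"""
    t = rule.split()
    if len(t) < 3 or t[0] != "ip" or t[1] not in ("in", "out") or t[2] not in ("forward", "drop"):
        raise ValueError(f"bad filter head: {rule!r}")
    r = {"dir": t[1], "action": t[2], "dstip": None, "srcip": None, "proto": None, "dstport": None}
    i = 3
    for key in ("dstip", "srcip"):  # address clauses are expected before the protocol
        if i + 1 < len(t) and t[i] == key:
            r[key] = ipaddress.ip_network(t[i + 1], strict=False)
            i += 2
    if i < len(t):  # protocol by name or number; int() rejects a misplaced keyword
        r["proto"] = PROTO[t[i]] if t[i] in PROTO else int(t[i])
        i += 1
    if i + 2 < len(t) and t[i] == "dstport":
        r["dstport"] = (CMP[t[i + 1]], int(t[i + 2]))
        i += 3
    if i != len(t):
        raise ValueError(f"unexpected token {t[i]!r} in {rule!r}")
    return r

def verdict(rules, direction, proto, src, dst, dport=None):
    """First matching rule for this direction decides; no match means drop (assumed)."""
    for r in map(parse, rules):
        if r["dir"] != direction or r["proto"] not in (None, PROTO[proto]):
            continue
        if any(r[k] is not None and ipaddress.ip_address(a) not in r[k]
               for k, a in (("srcip", src), ("dstip", dst))):
            continue
        if r["dstport"] and (dport is None or not r["dstport"][0](dport, r["dstport"][1])):
            continue
        return r["action"]
    return "drop"

# The profile from the post, and a constructed DNS-only variant (placeholder address).
ICMP_FILTER = ["ip in forward tcp", "ip in forward udp", "ip out drop icmp", "ip out forward"]
DNS_ONLY = ["ip in forward dstip 192.0.2.53/32 tcp dstport = 53",
            "ip in forward dstip 192.0.2.53/32 udp dstport = 53",
            "ip out drop icmp",
            "ip out forward"]
```

Under these assumptions, verdict(DNS_ONLY, "in", "udp", "10.0.0.5", "192.0.2.53", 53) returns "forward", while the same packet to any other host or port returns "drop".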