Re: (ASCEND) Restricting access to a specific subnet through RADIUS

To: Dean_Heltemes@cargill.com
Subject: Re: (ASCEND) Restricting access to a specific subnet through RADIUS
From: Jim Howard <jhoward@lyceum.com>
Date: Thu, 02 Oct 1997 17:21:53 -0400
Cc: ascend-users@bungi.com
Sender: owner-ascend-users@max.bungi.com

At 10:17 09/17/1997 -0500, Dean_Heltemes@cargill.com wrote:
>     Ascend-Data-Filter="ip in forward dstip 200.200.200.200/32"
>     
>     Questions:
>     
>     - What is the difference between a call filter and a data filter?
>     - How do I stop all IPX?
>     - How do I limit IP access to a specific subnet?

I believe this will prevent IPX routing, and allow only IP:
	Framed-Routing = None,
	Ascend-Route-IP = 1,

The call filter applies only to the idle timer,
so you would use a data filter to actually prevent traffic,
and a call filter like this one will keep a user from 
running a ping to prevent the call from going idle,
but the ping traffic actually will be passed on:
	Ascend-Call-Filter = "ip out drop icmp",
	Ascend-Call-Filter = "ip out forward",
	Ascend-Call-Filter = "ip in drop icmp",
	Ascend-Call-Filter = "ip in forward",

-Jim H
----
Jim Howard             Sr Network Engineer        Lyceum Internet
jhoward@lyceum.com     http://www.lyceum.com/     404.248.1733     

My PGP Public Key: http://www.lyceum.com/~jhoward/pgp-key.txt
Fingerprint: 7E8B E2BA 1314 2535 CB08  CFF9 119B 7CD3 2488 954D

++ Ascend Users Mailing List ++
To unsubscribe:	send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd:	<http://www.nealis.net/ascend/faq>

Prev by Date: Re: (ASCEND) Hash code redux
Next by Date: (ASCEND) accounting and detail script
Prev by thread: Re: (ASCEND) Restricting access to a specific subnet through RADIUS
Next by thread: (ASCEND) Max 4000 Fully Loaded
Index(es):
- Main
- Thread