On Wed, 8 Oct 1997, Tim Basher wrote: > > Does anyone know that Ascend Max4000 support standard Radius Attribute > > Framed-Filter (11) ? if it does, from which version ? > > No, the Ascend MAX does not support the RADIUS Framed-Filter attribute. > I am told that it is coming, but it is not in any released version yet. > > > I only know that Ascend Supports Ascend-Data-Filter (242) attribute, I'm > > not sure Ascend Max4000 support it. > > Yes, the MAX 4000 supports the Ascend-Data-Filter (and Ascend-Call-Filter) > attribute. Case in point... A typical radius entry on our system looks like this: swm Password = "KERBEROS" Framed-Address = 204.180.230.150, Framed-Netmask = 255.255.255.255, Ascend-Data-Filter = "ip in forward srcip 204.180.230.150/32", Ascend-Menu-Item="rlogin rowan;rowan Start shell on rowan;rowan", Ascend-Menu-Item="rlogin oak;oak Start shell on oak;oak", Ascend-Menu-Item="slip;slip Start SLIP;slip", Ascend-Menu-Item="ppp;ppp Start PPP;ppp", Ascend-Menu-Item="quit;quit Hangup;quit", Ascend-Menu-Selector="LIII Service: " We wanted to add filtering so that our ppp dialup customers could not login with linux boxes and spoof IPs on our network. To do this, we use static IPs and add a filter that let's packets through *only* if the source IP is equal to their IP. For customers who have a network behind the ppp, we add a seconf filter which allows packets from that network.. Example: opus Password = "KERBEROS" Framed-Address = 204.180.230.92, Framed-Netmask = 255.255.255.255, Framed-Route="205.160.0.64/28 204.180.230.92 4", Ascend-Data-Filter = "ip in forward srcip 204.180.230.92/32", Ascend-Data-Filter = "ip in forward srcip 205.160.0.64/28", Ascend-Menu-Item="rlogin rowan;rowan Start shell on rowan;rowan", Ascend-Menu-Item="rlogin oak;oak Start shell on oak;oak", Ascend-Menu-Item="slip;slip Start SLIP;slip", Ascend-Menu-Item="ppp;ppp Start PPP;ppp", Ascend-Menu-Item="quit;quit Hangup;quit", Ascend-Menu-Selector="LIII Service: " This all works very well.... Here's a question... If the max is setup to give out random IPs, does it setup such a filter? If not, bozos can IP spoof at will on their network.. - Steve ++ Ascend Users Mailing List ++ To unsubscribe: send unsubscribe to ascend-users-request@bungi.com To get FAQ'd: <<A HREF="http://www.nealis.net/ascend/faq">http://www.nealis.net/ascend/faq</A>> </PRE> <!--X-MsgBody-End--> <!--X-Follow-Ups--> <!--X-Follow-Ups-End--> <!--X-References--> <HR> <STRONG>References</STRONG>: <UL> <LI><STRONG><A HREF="msg09541.html">Re: (ASCEND) about Ascend Radius and M4k</A></STRONG></LI> <UL> <LI><EM>From</EM>: Tim Basher <basher@alpha.CES.CWRU.Edu></LI> </UL> </UL> <!--X-References-End--> <!--X-BotPNI--> <HR> <UL> <LI>Prev by Date: <STRONG><A HREF="msg09550.html">Re: (ASCEND) Ap27</A></STRONG> </LI> <LI>Next by Date: <STRONG><A HREF="msg09549.html">Re: (ASCEND) Processor to Max4000</A></STRONG> </LI> <LI>Prev by thread: <STRONG><A HREF="msg09541.html">Re: (ASCEND) about Ascend Radius and M4k</A></STRONG> </LI> <LI>Next by thread: <STRONG><A HREF="msg09522.html">(ASCEND) DEVASTATING BUG in P130's</A></STRONG> </LI> <LI>Index(es): <UL> <LI><A HREF="mail19.html#09552"><STRONG>Main</STRONG></A></LI> <LI><A HREF="thrd198.html#09552"><STRONG>Thread</STRONG></A></LI> </UL> </LI> </UL> <!--X-BotPNI-End--> <!--X-User-Footer--> <!--X-User-Footer-End--> </BODY> </HTML>