Ascend Archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
(ASCEND) RADIUS filter problem
OK, I'm about ready to give up. What am I doing wrong here? I have a
user ID I need to restrict to DNS lookups and one Web server only. I
started out with what I thought was a valid Ascend-Data-Filter in the
RADIUS users file, but nothing happened. No traffic at all. After
playing with it for a couple of very frustrating hours, I finally tried
this, just to see if I could do anything at all (the address in the
example is our primary name server):
Ascend-Data-Filter = "ip in forward udp dstip 206.28.166.251",
Ascend-Data-Filter = "ip in forward tcp dstip 206.28.166.251",
Ascend-Data-Filter = "ip in forward icmp dstip 206.28.166.251",
Ascend-Data-Filter = "ip out forward udp srcip 206.28.166.251",
Ascend-Data-Filter = "ip out forward tcp srcip 206.28.166.251",
Ascend-Data-Filter = "ip out forward icmp srcip 206.28.166.251",
Ascend-Data-Filter = "ip in drop",
Ascend-Data-Filter = "ip out drop"
Well, I dial in with the username with the filter... nothing. Can't talk
to squat, no ping, no DNS, no nuthin', nowhere, nohow. No filter, no
problem, can talk to anything. Boxes in question are Max 4K, 5.0Ap23 and
5.0Ap20. I got thins working on a Computone in about 30 minutes, but now
I'm about to rip my hair out. See, on the Computone, I can set up a
filter, give it a name (just like the Max)... and put the flippin' filter
name in the RADIUS users file, like:
Framed-Filter-ID = luserfilter,
just like one would expect to be able to do - but nooooooo... not with
the Max... grrr.
Dale
--------------------------------------------------------------
Dale Botkin, President | Voice: (402) 593-9800
Probe Technology Inc. | FAX: (402) 593-8748
Omaha, NE | Email: dbotkin@probe.net
++ Ascend Users Mailing List ++
To unsubscribe: send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd: <http://www.nealis.net/ascend/faq>