Ascend Archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: (ASCEND) Restricting access to a specific subnet through RADIUS



On Wed, 17 Sep 1997 Dean_Heltemes@cargill.com wrote:

>      I have a vendor with a Pipeline 50 that needs to dial into our MAX 
>      4004 (5.0Ap1).  I would like to use RADIUS to restrict this vendor 
>      from not being able to use IPX, and to only use IP to a specific 
>      subnet or subnets.  In one of the sample RADIUS users files, I found 
>      that to restrict IP access to a specific host machine you could add 
>      the following line to the user's RADIUS entry:
>      
>      Ascend-Data-Filter="ip in forward dstip 200.200.200.200/32"
>      
>      Questions:
>      
>      - What is the difference between a call filter and a data filter?

Call filter only applies if the dial-up line is closed. If it's up, the
call filter is not used. So you can control what packets will cause your
ascend to tial out. Data filter is  always used.

>      - How do I stop all IPX?

Set  "Route IPX = no" in Answer Profile or connection profiles. 
In RADIUS set "Ascend-Route-IPX = Route-IPX-No"

>      - How do I limit IP access to a specific subnet?

Ascend-Data-Filter="ip in forward dstip 200.200.200.0/24" enables
access to the whole Class-C net. Not so difficult, is it?

Greetings,

Elmar


----------------------------------------------------------------------
Elmar Haag             CENTAUR COMMUNICATION           Urbanstrasse 68
haag@centaur.de         Xlink PoP Heilbronn            74074 Heilbronn
http://www.centaur.de   Tel +49 7131 799 258     Fax +49 7131 799 260



++ Ascend Users Mailing List ++
To unsubscribe:	send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd:	<http://www.nealis.net/ascend/faq>


References: