Ascend Archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: (ASCEND) Restricting access to a specific subnet through RADIUS
On Wed, 17 Sep 1997 Dean_Heltemes@cargill.com wrote:
> I have a vendor with a Pipeline 50 that needs to dial into our MAX
> 4004 (5.0Ap1). I would like to use RADIUS to restrict this vendor
> from not being able to use IPX, and to only use IP to a specific
> subnet or subnets. In one of the sample RADIUS users files, I found
> that to restrict IP access to a specific host machine you could add
> the following line to the user's RADIUS entry:
>
> Ascend-Data-Filter="ip in forward dstip 200.200.200.200/32"
>
> Questions:
>
> - What is the difference between a call filter and a data filter?
Call filter only applies if the dial-up line is closed. If it's up, the
call filter is not used. So you can control what packets will cause your
ascend to tial out. Data filter is always used.
> - How do I stop all IPX?
Set "Route IPX = no" in Answer Profile or connection profiles.
In RADIUS set "Ascend-Route-IPX = Route-IPX-No"
> - How do I limit IP access to a specific subnet?
Ascend-Data-Filter="ip in forward dstip 200.200.200.0/24" enables
access to the whole Class-C net. Not so difficult, is it?
Greetings,
Elmar
----------------------------------------------------------------------
Elmar Haag CENTAUR COMMUNICATION Urbanstrasse 68
haag@centaur.de Xlink PoP Heilbronn 74074 Heilbronn
http://www.centaur.de Tel +49 7131 799 258 Fax +49 7131 799 260
++ Ascend Users Mailing List ++
To unsubscribe: send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd: <http://www.nealis.net/ascend/faq>
References: