Ascend Archive

(ASCEND) Filters with Radiusd and Ascend TNT



Hi there,

We have both an Ascend TNT and some Ascend MAX 4000.  I need to create a
user (or several) which can connect to us, but can only access one
server.  The solution, it seemed, would be to create filters with
Radius, and have only that user be affected by them.  I did that, and it
works like a charm for the 4000s (and, incidentally, for PortMasters),
but doesn't work at all for the TNT (software version 1.3Ap17).

The 'users' database is set like this:

user	Password = "password"
        User-Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Idle-Timeout = 900,
        Framed-Address = 255.255.255.254,
        Framed-Netmask = 255.255.255.255,
        Framed-Routing = None,
        Framed-Compression = Van-Jacobsen-TCP-IP,
        Framed-Filter-Id = "filter",
        Framed-MTU = 1500,
        Ascend-Data-Filter = "ip in forward dstip 200.200.200.200/32",
        Ascend-Data-Filter = "ip out forward srcip 200.200.200.200/32",
        Ascend-Data-Filter = "ip in drop",
        Ascend-Data-Filter = "ip out drop"

The dictionary reads, in part:

ATTRIBUTE       Framed-Filter-Id        11      string
ATTRIBUTE       Ascend-Data-Filter      242     abinary

If the user logs in to an Ascend MAX 4000 or to any PortMaster, the
filter works (via 'Framed-Filter-Id' for the PMs, 'Ascend-Data-Filter'
for the MAXs); however, if the user logs in to a MAX TNT he's able to
access any IP address, as if the filter is not there.  A careful
comparison of the two sets of manuals (for the 4000 and the TNT) shows
no difference whatsoever, so I'm basically stunned.  Would any kind soul
be able to provide any insight?

Thanks in advance,

-Wilson

