Re: [Help-gnu-radius] Ascend-Data-Filter syntax

help-gnu-radius

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Help-gnu-radius] Ascend-Data-Filter syntax

From:	Erik Olson
Subject:	Re: [Help-gnu-radius] Ascend-Data-Filter syntax
Date:	Thu, 17 Jun 2004 15:06:38 -0400

>>         Service-Type = Framed-User,
>>                 Framed-Protocol = PPP,
>>                 Ascend-Data-Filter="ip in forward tcp est",

>Specifying protocol (tcp, in this case) requires at least srcip/srcport
>or dstip/dstport to be present.

Thank you for your previous suggestions, they were very helpful, however I
still have one boggle .. My ISP is requiring the above Ascend-Data-Filter
line and I'm not sure how it needs to be phrased exactly.

I've tried this:

"ip in forward tcp dstip 0.0.0.0 est"

but then I got the error Expected {src|dst}port but found `dstip'.  All of
the documentation I've been able to find says that the original form of this
statement is valid, and I've seen it in many examples (except not GNU).

I also tried adding dstport > 0 but got the same error.

I assume this is to allow any traffic thru if the session is already
established?  Does GNU Radius require a different syntax for this line?  Any
suggestions would be very greatly appreciated!  Thanks

-Erik

----- Original Message -----
From: "Sergey Poznyakoff" <address@hidden>
To: "Erik Olson" <address@hidden>
Cc: <address@hidden>
Sent: Wednesday, June 16, 2004 4:27 PM
Subject: Re: [Help-gnu-radius] Ascend-Data-Filter syntax

> Hi Erik,
>
> You have forgotten to say what version of GNU Radius you are running.
>
> Erik Olson <address@hidden> wrote:
>
> > DEFAULT Auth-Type = Local,
> >                 Simultaneous-Use = 1,
> >                 Strip-User-Name = Yes
>
> This part is missing User-Password attribute, which is  mandatory
> for Auth-Type = Local
>
> >         Service-Type = Framed-User,
> >                 Framed-Protocol = PPP,
> >                 Ascend-Data-Filter="ip in forward tcp est",
>
> Specifying protocol (tcp, in this case) requires at least srcip/srcport
> or dstip/dstport to be present.
>
> >                 Ascend-Data-Filter="ip in forward dstip 66.77.41.0/24",
>
> This one is OK.
>
> >                 Ascend-Data-Filter="ip in drop tcp dstport=25",
>
> Add spaces around the '=' sign:
>
>                   Ascend-Data-Filter="ip in drop tcp dstport = 25"
>
> >                 Ascend-Data-Filter="ip in drop tcp srcport=80",
>
> Likewise.
>
> >                 Ascend-Data-Filter="ip in forward",
>
> This one is OK
>
> Regards,
> Sergey
>

[Prev in Thread]

Current Thread

[Next in Thread]

[Help-gnu-radius] Ascend-Data-Filter syntax, Erik Olson, 2004/06/16
- [Help-gnu-radius] Returnung Proxy-State unmodified, Erik Olson, 2004/06/16
  - Re: [Help-gnu-radius] Returnung Proxy-State unmodified, Sergey Poznyakoff, 2004/06/16
- Re: [Help-gnu-radius] Ascend-Data-Filter syntax, Sergey Poznyakoff, 2004/06/16
  - Re: [Help-gnu-radius] Ascend-Data-Filter syntax, Erik Olson, 2004/06/16
  - Re: [Help-gnu-radius] Ascend-Data-Filter syntax, Erik Olson <=
    - Re: [Help-gnu-radius] Ascend-Data-Filter syntax, Sergey Poznyakoff, 2004/06/17
    - Re: [Help-gnu-radius] Ascend-Data-Filter syntax, Sergey Poznyakoff, 2004/06/17

Prev by Date: Re: [Help-gnu-radius] profiles in hints not reply to NAS
Next by Date: Re: [Help-gnu-radius] Ascend-Data-Filter syntax
Previous by thread: Re: [Help-gnu-radius] Ascend-Data-Filter syntax
Next by thread: Re: [Help-gnu-radius] Ascend-Data-Filter syntax
Index(es):
- Date
- Thread