Ascend filter problem
Doug Currey
dcurrey at your-net.com
Wed Jan 9 15:34:22 CST 2002
Hi, Broadwing has started requiring the following info passed back to
them.
> Ascend-Data-Filter = "ip in forward tcp est",
> Ascend-Data-Filter = "ip in forward dstip 192.48.96.0/24",
> Ascend-Data-Filter = "ip in drop tcp dstport = 25",
> Ascend-Data-Filter = "ip in forward"
I made sure the "ATTRIBUTE Ascend-Data-Filter 242 abinary" is in our
dictionary file, and have the following added to my config file:
AddToReply Ascend-Data-Filter = "ip in forward tcp est", \
Ascend-Data-Filter = "ip in forward dstip 65.89.54.0/24", \
Ascend-Data-Filter = "ip in drop tcp dst = 25", \
Ascend-Data-Filter = "ip in forward"
Also have this entry; this one has always been in my config.
AddToReplyIfNotExist Service-Type = Framed-User, Framed-Protocol = PPP, \
Framed-IP-Address = 255.255.255.254, \
Framed-IP-Netmask = 255.255.255.255, \
Framed-MTU =1500, \
Framed-Compression = Van-Jacobson-TCP-IP, \
Idle-Timeout = 1200, \
Session-Timeout = 14400
1st: Am I allowed to have both addtoreply and addtoreplyifnotexist in
the realm?
2nd: I am getting the following error on my trace 4:
WARNING: Could not parse Ascend-Data-Filter: ip in drop tcp dst = 25
Any suggestions?
Thanks
Doug Currey
Interlink Technologies
clip of trace:
-----------------------------------------------------
*** Received from 216.143.197.130 port 42592 ....
Code: Access-Request
Identifier: 35
Authentic: <200><143><29><<176> <246>8<143><135><16>)<223><253>T<
Attributes:
User-Name = "badgdl at your-net.com"
User-Password = "<229>8mg!
I><241><147><218>S<214><156>u<25><189>"
NAS-IP-Address = 216.140.11.214
NAS-Port = 2720
Service-Type = Framed-User
Framed-Protocol = PPP
Called-Station-Id = "9375821111"
Calling-Station-Id = "5139342884"
NAS-Port-Type = Async
Cisco-NAS-Port = "Async1/7/128"
Wed Jan 9 15:28:52 2002: DEBUG: Handling request with
Handler 'Realm=your-net.com'
Wed Jan 9 15:28:52 2002: DEBUG: Rewrote user name to badgdl
Wed Jan 9 15:28:52 2002: DEBUG: Rewrote user name to badgdl
Wed Jan 9 15:28:52 2002: DEBUG: SDBSQL Deleting session for
badgdl at your-net.com, 216.140.11.214, 2720
Wed Jan 9 15:28:52 2002: DEBUG: do query is: delete from ONLINE where
USERNAME='badgdl' and NASIDENTIFIER='216.140.11.214$
Wed Jan 9 15:28:52 2002: DEBUG: Handling with Radius::AuthSQL
Wed Jan 9 15:28:52 2002: DEBUG: Handling with Radius::AuthSQL
Wed Jan 9 15:28:52 2002: DEBUG: Query is: select HIGH_PRIORITY
PASSWORD, CHECKATTR, REPLYATTR from USERS where USERNAME='$
Wed Jan 9 15:28:52 2002: DEBUG: Radius::AuthSQL looks for match with
badgdl
Wed Jan 9 15:28:52 2002: DEBUG: Radius::AuthSQL ACCEPT:
Wed Jan 9 15:28:52 2002: DEBUG: Access accepted for badgdl
Wed Jan 9 15:28:52 2002: DEBUG: do query is: insert DELAYED into
RADAUTHLOG (TIME_STAMP, USERNAME, PASSWORD, STATUS) val$
Wed Jan 9 15:28:52 2002: WARNING: Could not parse Ascend-Data-Filter:
ip in drop tcp dst = 25
Wed Jan 9 15:28:52 2002: DEBUG: Packet dump:
*** Sending to 216.143.197.130 port 42592 ....
Code: Access-Accept
Identifier: 35
Authentic: <200><143><29><<176> <246>8<143><135><16>)<223><253>T<
Attributes:
Ascend-Data-Filter = ip in forward tcp est
Ascend-Data-Filter = ip in forward dstip 65.89.54.0/24
Ascend-Data-Filter = ip in drop tcp dst = 25
Ascend-Data-Filter = ip in forward
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-IP-Address = 255.255.255.254
Framed-IP-Netmask = 255.255.255.255
Framed-MTU = 1500
Framed-Compression = Van-Jacobson-TCP-IP
Idle-Timeout = 1200
Session-Timeout = 14400
Wed Jan 9 15:28:53 2002: DEBUG: Packet dump:
*** Received from 216.143.197.130 port 42592 ....
*** Received from 216.143.197.130 port 42592 ....
Code: Accounting-Request
Identifier: 36
Authentic:
<199><18><148><147>'<16><190><0><254><154><236>.<171><212>.D
Attributes:
User-Name = "badgdl at your-net.com"
NAS-IP-Address = 216.140.11.214
NAS-Port = 2720
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-IP-Address = 65.91.245.30
Called-Station-Id = "9375821111"
Calling-Station-Id = "5139342884"
Acct-Status-Type = Start
Acct-Delay-Time = 0
Acct-Session-Id = "0000F6E6"
Acct-Authentic = RADIUS
NAS-Port-Type = Async
Cisco-NAS-Port = "Async1/7/128"
Wed Jan 9 15:28:53 2002: DEBUG: Handling request with
Handler 'Realm=your-net.com'
Wed Jan 9 15:28:53 2002: DEBUG: Rewrote user name to badgdl
Wed Jan 9 15:28:53 2002: DEBUG: Rewrote user name to badgdl
Wed Jan 9 15:28:53 2002: DEBUG: SDBSQL Adding session for badgdl at your-
net.com, 216.140.11.214, 2720
Wed Jan 9 15:28:53 2002: DEBUG: do query is: delete from ONLINE where
USERNAME='badgdl' and NASIDENTIFIER='216.140.11.214$
Wed Jan 9 15:28:53 2002: DEBUG: do query is: insert delayed into
ONLINE (USERNAME, NASIDENTIFIER, NASPORT, ACCTSESSIONID,$
Wed Jan 9 15:28:53 2002: DEBUG: Handling with Radius::AuthSQL
Wed Jan 9 15:28:53 2002: DEBUG: Handling accounting with
Radius::AuthSQL
Wed Jan 9 15:28:53 2002: DEBUG: Accounting accepted
Wed Jan 9 15:28:53 2002: DEBUG: Packet dump:
-------------------------------------------------------
--
Mike McCauley mikem at open.com.au
Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au
Phone +61 3 9598-0985 Fax +61 3 9598-0955
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory etc etc
on Unix, Win95/8, 2000, NT, MacOS 9, MacOS X
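
A pre-deployment check for the filter strings discussed in the post above, as an added example that is not part of the original message and is not Radiator's own parser. The grammar in the comment is an assumption (the commonly documented Ascend IP data-filter string form), and `check_filter` and `lint_reply_items` are hypothetical names; note that the filter quoted from the provider uses `dstport` where the posted config uses `dst`.

```python
import ipaddress
import re

# Assumed grammar (commonly documented Ascend IP data-filter string form):
#   ip <in|out> <forward|drop> [dstip a.b.c.d/n] [srcip a.b.c.d/n]
#      [<proto> [dstport <cmp> <port>] [srcport <cmp> <port>] [est]]
PROTOCOLS = {"tcp", "udp", "icmp"}  # numeric protocol ids are accepted too
COMPARATORS = {"<", "=", ">", "!="}
# The AddToReply values as posted in the message above.
POSTED = r'''AddToReply Ascend-Data-Filter = "ip in forward tcp est", \
Ascend-Data-Filter = "ip in forward dstip 65.89.54.0/24", \
Ascend-Data-Filter = "ip in drop tcp dst = 25", \
Ascend-Data-Filter = "ip in forward"'''

def check_filter(rule):
    """Return None if rule fits the assumed grammar, else a reason string."""
    tok = rule.split()
    if len(tok) < 3 or tok[0] != "ip" or tok[1] not in ("in", "out"):
        return "expected 'ip <in|out> <forward|drop> ...'"
    if tok[2] not in ("forward", "drop"):
        return f"bad action {tok[2]!r}"
    i = 3
    for kw in ("dstip", "srcip"):
        if i < len(tok) and tok[i] == kw:
            try:
                ipaddress.ip_network(tok[i + 1], strict=False)
            except (IndexError, ValueError):
                return f"{kw} needs an address/prefix"
            i += 2
    if i < len(tok):
        if tok[i] not in PROTOCOLS and not tok[i].isdigit():
            return f"unknown keyword or protocol {tok[i]!r}"
        i += 1
        for kw in ("dstport", "srcport"):
            if i < len(tok) and tok[i] == kw:
                arg = tok[i + 1:i + 3]
                if len(arg) < 2 or arg[0] not in COMPARATORS or not arg[1].isdigit():
                    return f"{kw} needs '<cmp> <port>'"
                i += 3
        if i < len(tok) and tok[i] == "est":
            i += 1
    if i < len(tok):
        return f"unexpected token {tok[i]!r}"
    return None

def lint_reply_items(config_text):
    """Check every quoted Ascend-Data-Filter value; return (rule, reason) pairs."""
    rules = re.findall(r'Ascend-Data-Filter\s*=\s*"([^"]*)"', config_text)
    return [(r, why) for r in rules if (why := check_filter(r))]
```

Running `lint_reply_items(POSTED)` reports only the port-25 rule, the same one named in the WARNING line of the trace.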