(RADIATOR) Email only Radius Profile

ewhitwor at centurytel.net ewhitwor at centurytel.net
Tue May 14 12:53:34 CDT 2002 

Hey,

We are trying to setup a filter to work with Radius/Ldap to allow for a 
group that has email as the only service!
This is what we have put together as of now... we have tried it and it does 
not work!!! :(  I have opened 2 tac
cases with Cisco. Cisco claims that the only possible way to do this is to 
have TACACS and a separate dial
pool! That would be wasteful of on ips! There has to be a way!! Any 
suggestions???


# Default Dial-Up PPP EMAIL ONLY User System Profile
DEFAULT Auth-Type = System, NAS-Port-Type = Async, Group = email,
Service-Type = Framed-User,
Framed-Protocol = PPP,
Framed-IP-Address = 255.255.255.254,
Framed-IP-Netmask = 255.255.255.255,
cisco-avpair = "lcp:interface-config=ip policy route-map email",
Filter-Id = "email.sec",
Port-Limit = 1,
Idle-Timeout = 1200,
Session-Timeout = 28800,
Class = email



On the RAS BOX

ip policy route-map email
route-map email permit 10
match ip address 103

access-list 103 permit tcp any any eq 25
access-list 103 permit udp any any eq 53
access-list 103 permit tcp any any eq 110
access-list 103 permit tcp any any eq 113
access-list 103 deny any any


On PM3

  1 permit 0.0.0.0/0 206.40.79.2/32 tcp dst eq 25
  2 permit 0.0.0.0/0 206.40.79.2/32 udp dst eq 53
  3 permit 0.0.0.0/0 206.40.79.2/32 tcp dst eq 80
  4 permit 0.0.0.0/0 206.40.79.2/32 tcp dst eq 110
  5 permit 0.0.0.0/0 206.40.79.2/32 tcp src eq 113
  6 permit 0.0.0.0/0 206.40.79.2/32 tcp dst eq 443
  7 permit 0.0.0.0/0 206.40.79.2/32 icmp

add filter email.sec
set filter email.sec 1 permit 0.0.0.0/0 0.0.0.0/0 tcp src eq 25 dst eq 25 estab
set filter email.sec 1 permit 0.0.0.0/0 0.0.0.0/0 tcp src eq 53 dst eq 53 estab
set filter email.sec 1 permit 0.0.0.0/0 0.0.0.0/0 tcp src eq 110 dst eq 110 
estab
set filter email.sec 1 permit 0.0.0.0/0 0.0.0.0/0 tcp src eq 113 dst eq 113 
estab
set filter email.sec 1 deny 0.0.0.0/0 0.0.0.0/0 tcp
set filter email.sec 1 deny 0.0.0.0/0 0.0.0.0/0 udp


Let me know what you think!

Thanks,
Emily Whitworth




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.open.com.au/pipermail/radiator/attachments/20020514/17ed9ace/attachment.html>

More information about the radiator mailing list