(RADIATOR) Email only Radius Profile
Robert Blayzor
rblayzor at inoc.net
Tue May 14 20:29:24 CDT 2002
Emily,
I could be wrong, but in some of the latest versions of IOS, your
Radiator user entry would in most cases fail on a Cisco access server.
You are specifying a "Filter-Id" which Cisco can and does use if
configured; if that access-list does not exist on the AS5xxx, the call
will get dropped.
On the PM3, it should work, and the cisco-avpair should just be ignored.
This could be *part* of the problem if you are seeing calls immediately
hang up on the ASxxx shortly after or during auth.
--
Robert Blayzor, BOFH
INOC, LLC
rblayzor at inoc.net
Any sufficiently advanced bug is indistinguishable from a feature. -
Kulawiec
> > On the RAS BOX
> >
> > ip policy route-map email
> > route-map email permit 10
> > match ip address 103
> >
> > access-list 103 permit tcp any any eq 25
> > access-list 103 permit udp any any eq 53
> > access-list 103 permit tcp any any eq 110
> > access-list 103 permit tcp any any eq 113
> > access-list 103 deny any any
> >
> >
> > On PM3
> >
> > 1 permit 0.0.0.0/0 206.40.79.2/32 tcp dst eq 25
> > 2 permit 0.0.0.0/0 206.40.79.2/32 udp dst eq 53
> > 3 permit 0.0.0.0/0 206.40.79.2/32 tcp dst eq 80
> > 4 permit 0.0.0.0/0 206.40.79.2/32 tcp dst eq 110
> > 5 permit 0.0.0.0/0 206.40.79.2/32 tcp src eq 113
> > 6 permit 0.0.0.0/0 206.40.79.2/32 tcp dst eq 443
> > 7 permit 0.0.0.0/0 206.40.79.2/32 icmp
> >
> > add filter email.sec
> > set filter email.sec 1 permit 0.0.0.0/0 0.0.0.0/0 tcp src
>
> eq 25 dst eq 25
>
> > estab set filter email.sec 1 permit 0.0.0.0/0 0.0.0.0/0 tcp
>
> src eq 53 dst
>
> > eq 53 estab set filter email.sec 1 permit 0.0.0.0/0
>
> 0.0.0.0/0 tcp src eq
>
> > 110 dst eq 110 estab
> > set filter email.sec 1 permit 0.0.0.0/0 0.0.0.0/0 tcp src
>
> eq 113 dst eq 113
>
> > estab
> > set filter email.sec 1 deny 0.0.0.0/0 0.0.0.0/0 tcp
> > set filter email.sec 1 deny 0.0.0.0/0 0.0.0.0/0 udp
> >
> >
> > Let me know what you think!
> >
> > Thanks,
> > Emily Whitworth
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
-------------------------------------------------------
--
Mike McCauley mikem at open.com.au
Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au
Phone +61 3 9598-0985 Fax +61 3 9598-0955
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory etc etc
on Unix, Win95/8, 2000, NT, MacOS 9, MacOS X etc etc
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list