Fwd: Re: (RADIATOR) access-list via cisco-avpair

Mike McCauley mikem at open.com.au
Fri Nov 15 05:21:43 CST 2002



----------  Forwarded Message  ----------

Subject: Re: (RADIATOR) access-list via cisco-avpair
Date: Fri, 15 Nov 2002 21:55:41 +1100
From: Paul Pilsbury <ppilsbur at connect.com.au>
To: Mike McCauley <mikem at open.com.au>

Hi,


I think we did this once with cisco avpairs.

Although it's much easier to load the access-list
on the NAS and call that with Filter-Id = "filterlist.in"


e.g :-

AddToReply \
cisco-avpair = "ip:inacl#5=permit ip any 10.0.0.1 0.0.0.255", \
cisco-avpair = "ip:inacl#15=permit ip any host 192.168.1.1", \
cisco-avpair = "ip:inacl#20=permit udp any any eq domain", \
cisco-avpair = "ip:inacl#25=permit tcp any any eq domain", \
cisco-avpair = "ip:inacl#30=permit tcp any any established", \
cisco-avpair = "ip:inacl#35=permit udp any any range 1024 9000", \
cisco-avpair = "ip:inacl#99=deny ip any any"


Hope this helps,

PP

On Fri, Nov 15, 2002 at 09:38:36PM +1100, Mike McCauley said:
| ----------  Forwarded Message  ----------
|
| Subject: BOUNCE radiator at open.com.au:    Non-member submission from ["Fred
| Albrecht" <Fred.Albrecht at za.tiscali.com>]
| Date: Thu, 14 Nov 2002 23:04:37 -0600
| From: owner-radiator at open.com.au
| To: radiator-approval at open.com.au
|
| Hi
|
| I've looked through the archives concerning this topic and could not find
| an answer that makes sense to me.  I also realise that this is a Cisco
| question, but since I'm trying to do this via Radiator I thought someone
| here may have done a similar thing already.  Does anyone know how to
| restrict a dialup user to only see dns, pop3, smtp and one server, eg
| 10.10.10.10 on port 80, using a cisco-avpair, configured inside a Radiator
| config file?  Please, this is urgent and any leads will be appreciated.
|
| Thx
|
| :)
|
| Fred Albrecht
| IP Specialist
|
| World Online
| A Division of Tiscali (Pty) Ltd
| Office:  +27 21 940-9807
| Fax:     +27 21 940-9103
| Mobile:  +27 82 52 00 165
| e-mail:  fred at za.tiscali.com
| http://www.worldonline.co.za
|
| -------------------------------------------------------
|
| --
| Mike McCauley                               mikem at open.com.au
| Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
| 24 Bateman St Hampton, VIC 3188 Australia   http://www.open.com.au
| Phone +61 3 9598-0985                       Fax   +61 3 9598-0955
|
| Radiator: the most portable, flexible and configurable RADIUS server
| anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
| Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
| TTLS etc on Unix, Windows, MacOS etc.
|
| ===
| Archive at http://www.open.com.au/archives/radiator/
| Announcements on radiator-announce at open.com.au
| To unsubscribe, email 'majordomo at open.com.au' with
| 'unsubscribe radiator' in the body of the message.

--

Paul Pilsbury  	 System Administrator	 ppilsbur at connect.com.au
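
Added example (not part of the original messages, and not Radiator or Cisco code): a small offline checker that parses ip:inacl avpairs out of an AddToReply block and evaluates test packets against them first-match, so a per-user filter can be checked before it is sent to a NAS. The AVPAIRS policy is constructed here for the requirement in the question using the syntax from the reply; it assumes the NAS applies entries in ascending # order, and only "eq" and "range" destination-port qualifiers are handled.

```python
import ipaddress
import re

PORTS = {"smtp": 25, "domain": 53, "www": 80, "pop3": 110}  # IOS port keywords used below

# Constructed for the question's requirement (DNS, POP3, SMTP, 10.10.10.10:80),
# in the syntax of the reply; not taken from the thread and not tested on a NAS.
AVPAIRS = r'''AddToReply \
cisco-avpair = "ip:inacl#10=permit udp any any eq domain", \
cisco-avpair = "ip:inacl#20=permit tcp any any eq domain", \
cisco-avpair = "ip:inacl#30=permit tcp any any eq pop3", \
cisco-avpair = "ip:inacl#40=permit tcp any any eq smtp", \
cisco-avpair = "ip:inacl#50=permit tcp any host 10.10.10.10 eq www", \
cisco-avpair = "ip:inacl#99=deny ip any any"'''

def parse(text):
    """Extract inacl entries, sorted by # (assumed to be the order the NAS applies)."""
    return sorted((int(n), rule.split())
                  for n, rule in re.findall(r'ip:inacl#(\d+)=([^"]+)', text))

def take_addr(tok):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (base, wildcard) as ints."""
    first = tok.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return int(ipaddress.IPv4Address(tok.pop(0))), 0
    return int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(tok.pop(0)))

def port_ok(tok, port):
    """Destination port: no qualifier, 'eq P' or 'range LO HI'; anything else is rejected."""
    num = lambda t: int(PORTS.get(t, t))
    if not tok:
        return True
    if tok[0] == "eq" and len(tok) == 2:
        return port == num(tok[1])
    if tok[0] == "range" and len(tok) == 3:
        return port is not None and num(tok[1]) <= port <= num(tok[2])
    raise ValueError(f"unsupported qualifier: {' '.join(tok)}")

def evaluate(acl, proto, src, dst, dport=None):
    """First match wins; falling off the end is the implicit deny (seq None)."""
    s, d = (int(ipaddress.IPv4Address(a)) for a in (src, dst))
    for seq, rule in acl:
        action, rproto, *tok = rule
        (sb, sw), (db, dw) = take_addr(tok), take_addr(tok)
        if (rproto in ("ip", proto) and (s | sw) == (sb | sw)
                and (d | dw) == (db | dw) and port_ok(tok, dport)):
            return action, seq
    return "deny", None
```

evaluate(parse(AVPAIRS), "tcp", "192.0.2.10", "10.10.10.11", 80) returns the action and the sequence number of the entry that decided it, which shows which line to change when a test packet gets the wrong verdict.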
