(RADIATOR) Fwd: Easy add ascend-data-filterPart 2 Setup on 3com Total Control

Sergio Gonzalez sagonzal at sky.net.co
Tue Aug 10 18:16:18 CDT 2004


Hello everyone.


The TC filters may vary depending on which router cards you have on the 
chassis. For example if you have hiper ARC (I think it is your case) the 
Attributes (that may vary on which dictionary radiator is using also) may 
look like

USR-IP-Input-Filter = " .... "

the "..... " must be a sequence number followed by a single rule. If you 
need to apply many rules to the same dial-up connection, you just need to 
add USR-IP-Input-Filter = "....." Attributes pairs as you need. As an 
example, for certain users I've at the end of an AuthBy this:

         AddToReply Framed-Protocol = PPP, \
                        Framed-MTU = 1500, \
                        Framed-Compression = Van-Jacobson-TCP-IP, \
                        USR-IP-Input-Filter = "04 AND tcp-dst-port=25", \
                        USR-IP-Input-Filter = "05 REJECT dst-addr != 
192.168.0.0/28", \
                        USR-IP-Input-Filter = "100 PERMIT ", \
                        Idle-Timeout = 900

(don't forget the backslashes... the AddToReply needs all the attribute 
pairs to be on a single line)


hth Wayne.

Regards


>Hello Everyone -
>
>Can anyone answer Wayne's question?
>
>thanks and regards
>
>Hugh
>
>
>Begin forwarded message:
>
>>From: "Wayne" <wayne at hamilton.net>
>>Date: 11 August 2004 07:00:21 GMT+10:00
>>To: "Hugh Irvine" <hugh at open.com.au>
>>Subject: Easy add ascend-data-filterPart 2 Setup on 3com Total Control
>>
>>Thanks Hugh for the great product and help. Yes I am glad I use Radiator.
>>
>>
>>Now has anyone got the filter to work on a Total Control. I did enable
>>ascend attributes on radius but the filter doesn't work.
>>
>>Wayne
>>----- Original Message -----
>>From: "Hugh Irvine" <hugh at open.com.au>
>>To: "Wayne" <wayne at hamilton.net>
>>Cc: <radiator at open.com.au>
>>Sent: Monday, August 09, 2004 11:03 PM
>>Subject: Re: (RADIATOR) Easy add ascend-data-filter to mysql
>>
>>
>>
>>Hello Wayne -
>>
>>You will be pleased to know that it _is_ this simple.
>>
>><AuthBy SQL>
>>.....
>>AuthSelect select PASSWORD, CHECKATTR, REPLYATTR, ADDTOREPLY \
>>from SUBSCRIBERS \
>>where USERNAME='%n'
>>AuthColumnDef 0, Password, check
>>AuthColumnDef 1, GENERIC, check
>>AuthColumnDef 2, GENERIC, reply
>>AuthColumnDef 3, GENERIC, reply
>>....
>></AuthBy>
>>
>>then the ADDTOREPLY field would contain (if required):
>>
>>Ascend-Data-Filter=.......
>>
>>Aren't you glad you use Radiator?
>>
>>BTW - you could also just add the "Ascend-Data-Filter= ....." to the
>>REPLYATTR field.
>>
>>regards
>>
>>Hugh
>>
>>
>>
>>On 10 Aug 2004, at 13:45, Wayne wrote:
>>
>>>Hello All,
>>>
>>>I need to send a ascend-data-filter. I was looking for and easy add
>>>but I don't think it's going to be this easy. I want to add a filter
>>>to drop connections to port 25 that are not going to my mail server
>>>but I want to do it on a per user bases in my mysql database. Could I
>>>just add a Field to my table called ADDTOREPLY and put this in my
>>>Authby SQL AuthSelect select PASSWORD, CHECKATTR, REPLYATTR,
>>>ADDTOREPLY from SUBSCRIBERS where USERNAME='%n' ? This way if a
>>>customer needs to use a different email server than our local one we
>>>can just put a NULL in the ADDTOREPLY field. Some how this seems to
>>>simple I don't think I can just a ADDTOREPLY. Has someone else done
>>>this on a per user bases if so can you tell me how you went about it ?
>>>
>>>Thanks Wayne
>>
>>NB: have you included a copy of your configuration file (no secrets),
>>together with a trace 4 debug showing what is happening?
>>
>>--
>>Radiator: the most portable, flexible and configurable RADIUS server
>>anywhere. Available on *NIX, *BSD, Windows, MacOS X.
>>-
>>Nets: internetwork inventory and management - graphical, extensible,
>>flexible with hardware, software, platform and database independence.
>>-
>>CATool: Private Certificate Authority for Unix and Unix-like systems.
>>
>
>NB: have you included a copy of your configuration file (no secrets),
>together with a trace 4 debug showing what is happening?
>
>--
>Radiator: the most portable, flexible and configurable RADIUS server
>anywhere. Available on *NIX, *BSD, Windows, MacOS X.
>-
>Nets: internetwork inventory and management - graphical, extensible,
>flexible with hardware, software, platform and database independence.
>-
>CATool: Private Certificate Authority for Unix and Unix-like systems.
>
>--
>Archive at http://www.open.com.au/archives/radiator/
>Announcements on radiator-announce at open.com.au
>To unsubscribe, email 'majordomo at open.com.au' with
>'unsubscribe radiator' in the body of the message.

Sergio Alejandro Gonzalez
Director Operativo
Network and Services Field Manager
SkyNet de Colombia.
Calle 100 No. 8A-55 Of. 711
Bogota, Cundinamarca
Colombia, South America.
Tel: 57 (+1) 6 422 020
Cel: 57 (+3)/(03315) 3551034
Pager: 5405555, 3469999 Cod 2010

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list