Oliver,

I have solved the issue. I had to kick the attributes around a little bit. Not sure what did it, all I did was set the sql field to the line again and boom, it worked. Nothing different. Thanks anyways. My next task is to set up a profile for dst-port 80 only to one host for disabled customers.

Thanks,
Brandon

----- Original Message -----
From: "Oliver Francke" <Oliver.Francke@telefonica.de>
To: "Discussion relating to the 3Com/US Robotics Total Control modemsystems." <usr-tc@mailman.xmission.com>
Cc: <usr-tc@lists.xmission.com>
Sent: Wednesday, November 19, 2003 4:41 PM
Subject: Re: [USR-TC] IP Filters via Radius Profiles
Hi Brandon,
On Wed, Nov 19, 2003 at 04:19:55PM -0500, Brandon Lehmann wrote:
Hi List,
I have read through a lot of the archives concerning IP filtering similar to Ascend-Data-Filter. I would like to refrain from setting up "filters" on the TC. I would rather send the filters down dynamically from the radius server.
I have added the following radius attributes to my sql server for passing the filters down to the user on login.
USR-IP-Input-Filter = "1 AND tcp-dst-port = 25",
USR-IP-Input-Filter = "2 REJECT dst-addr != X.X.X.X/24",
USR-IP-Input-Filter = "3 PERMIT"
Just some thoughts:
1. Ensure this attribute is something like: USR.attr USR-IP-Input-Filter 36864 string (*, 0)
this is "Merit" syntax, but the decimal value of 36864 is of course important.
2. Each line should look like: USR-IP-Input-Filter = "1 AND tcp-dst-port = 25;", so, don't omit the ^ at the end of each string inside the "..."
3. Have a look at the HARC itself: Do some monitoring with the CLI-command: monitor radius and then "B" for monitor all authentication packets, if the rules apply from RADIUS. One should see all the rules decoded by the HARC.
4. Ensure correct modem-interface settings per CLI-command: set modem_group all filter_access on
Hope it helps,
Oliver.
--
Oliver.Francke@telefonica.de
fon. +49-5246-80-1389
mob. +49-171-5597734
I used to have a sig, but I've stopped smoking.
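The checks from points 1 and 2 of the reply can be run over the filter strings before they are stored in the SQL table; the following is an added example, not code from the thread or from 3Com. It assumes USR vendor ID 429 and the USR vendor-specific layout with a 4-byte attribute number and no sub-length, and the names `lint_rules`, `fix_rules` and `encode_vsa` are hypothetical.

```python
import re
import struct

USR_VENDOR_ID = 429           # assumption: 3Com/USR enterprise number
USR_IP_INPUT_FILTER = 36864   # decimal attribute number from point 1 (0x9000)

# Constructed sample: the three rules from the thread, the first one
# still missing the trailing ';' that point 2 asks for.
SAMPLE = [
    "1 AND tcp-dst-port = 25",
    "2 REJECT dst-addr != X.X.X.X/24;",
    "3 PERMIT;",
]

# A rule string starts with its rule number and ends with ';'.
RULE = re.compile(r"^(\d+) \S.*;$")

def lint_rules(values):
    """Return (index, problem) pairs for rule strings that look wrong."""
    problems = []
    for i, value in enumerate(values):
        if not value.endswith(";"):
            problems.append((i, "missing trailing ';'"))
        elif not RULE.match(value):
            problems.append((i, "does not start with a rule number"))
    return problems

def fix_rules(values):
    """Append the ';' terminator where it is missing."""
    return [v if v.rstrip().endswith(";") else v.rstrip() + ";" for v in values]

def encode_vsa(value):
    """Encode one rule as a RADIUS Vendor-Specific (type 26) attribute.

    Assumed layout: vendor ID (4 bytes), USR attribute number (4 bytes),
    then the string itself.
    """
    body = struct.pack("!II", USR_VENDOR_ID, USR_IP_INPUT_FILTER)
    body += value.encode("ascii")
    if len(body) + 2 > 255:
        raise ValueError("rule too long for one RADIUS attribute")
    return bytes([26, len(body) + 2]) + body

if __name__ == "__main__":
    print(lint_rules(SAMPLE))
    for rule in fix_rules(SAMPLE):
        print(encode_vsa(rule).hex())
```

The hex output can be compared against what a packet capture of the Access-Accept shows when the rules do not appear in the "monitor radius" output.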