Packet Filter

29 May 2003

      I have created a filter for some users to allow them access only one 
website and two dns servers.
When this user logs in radius assigns interface this filter 
(filter_access is on). But ARC sends some errors to syslog.
When this happens packets from/to user are still filtered but why errors 
occure?
(This filter is on two arcs, on one v5.1.102 it works perfectly, but on 
this arc it doesn't).
ARC ios V4.1.59.

P.S. I copied filter from another arc but still I'm getting this errors. 
I tried to write this filter in windows (with \r\n and in linux, with 
only \r),
uploaded this filter first in binary and then in ascii (tftp). Always 
the same result. verify filter <filtername>  - shows no errors.

Can anybody help?

May 19 00:07:40 arc.ip.addr At 15:42:48, Facility "Auth Facility", Level 
"COMMON":: A call is established, call id 18612240, on interface 
slot:2/mod:29
May 19 00:07:40 arc.ip.addr At 15:42:48, Facility "Call Initiation 
Process", Level "COMMON":: CIP: Detected PPP frame, state 1, line 388, 
File ../../src/cip_xmt_rx.c
May 19 00:07:41 arc.ip.addr At 15:42:49, Facility "Auth Facility", Level 
"COMMON":: Port slot:2/mod:29 successful RADIUS authentication for user: 
some-username
May 19 00:07:41 arc.ip.addr At 15:42:49, Facility "MPIP", Level 
"COMMON":: MPIP Link registration failed, because the client state is OFF
May 19 00:07:41 arc.ip.addr At 15:42:49, Facility "Filter Manager 
Process", Level "COMMON":: FM: No RADIUS rules available for 
user_handle=58e007, status=554d650c
May 19 00:07:41 arc.ip.addr At 15:42:49, Facility "SBUS", Level 
"UNUSUAL"::  INPUT=== #filter^M IP:^M ^M 001 AND src-addr = 0.0.0.0/0;^M 
002 AND dst-addr = x.x.x.x/32;^M 003 ACCEPT udp-dst-port = 53;^M 004 AND 
src-addr = 0.0.0.0/0;^M 005 AND dst-addr = y.y.y.y/32;^M 006 ACCEPT 
udp-dst-port = 53;^M 007 AND src-addr = 0.0.0.0/0;^M 008 AND dst-addr = 
z.z.z.z/32;^M 009 ACCEPT tcp-dst-port = 80;^M 010 DENY;^M   
May 19 00:07:41 arc.ip.addr At 15:42:49, Facility "SBUS", Level 
"UNUSUAL":: invalid token near line 1 (text was '^M')
May 19 00:07:41 arc.ip.addr At 15:42:49, Facility "SBUS", Level 
"UNUSUAL":: invalid token near line 2 (text was '^M')
May 19 00:07:41 arc.ip.addr At 15:42:49, Facility "SBUS", Level 
"UNUSUAL":: invalid token near line 3 (text was '^M')
May 19 00:07:41 arc.ip.addr At 15:42:49, Facility "SBUS", Level 
"UNUSUAL":: invalid token near line 4 (text was '=')
May 19 00:07:41 arc.ip.addr At 15:42:49, Facility "SBUS", Level 
"UNUSUAL"::  ERRRRRRORRR
May 19 00:07:41 arc.ip.addr At 15:42:49, Facility "SBUS", Level 
"UNUSUAL"::  
=============================================================================== 

May 19 00:07:41 arc.ip.addr At 15:42:49, Facility "SBUS", Level 
"UNUSUAL"::  HiPerARC Filter Rules #filter IP:  
May 19 00:07:41 arc.ip.addr At 15:42:49, Facility "SBUS", Level 
"UNUSUAL":: line 4: syntax error near or at "AND"
May 19 00:07:41 arc.ip.addr At 15:42:49, Facility "SBUS", Level 
"UNUSUAL"::  INPUT=== #filter^M IP:^M ^M 001 AND src-addr = 
x.x.x.x/32;^M 002 AND dst-addr = 0.0.0.0/0;^M 003 AND udp-src-port = 
53;^M 004 ACCEPT udp-dst-port > 1023;^M 005 AND src-addr = y.y.y.y/32;^M 
006 AND dst-addr = 0.0.0.0/0;^M 007 AND udp-src-port = 53;^M 008 ACCEPT 
udp-dst-port > 1023;^M 009 AND src-addr = z.z.z.z/32;^M 010 AND dst-addr 
= 0.0.0.0/0;^M 011 AND tcp-src-port = 80;^M 012 ACCEPT tcp-dst-port > 
1023;^M 013 DENY;^M   
May 19 00:07:41 arc.ip.addr At 15:42:49, Facility "SBUS", Level 
"UNUSUAL":: invalid token near line 1 (text was '^M')
May 19 00:07:41 arc.ip.addr At 15:42:49, Facility "SBUS", Level 
"UNUSUAL":: invalid token near line 2 (text was '^M')
May 19 00:07:41 arc.ip.addr At 15:42:49, Facility "SBUS", Level 
"UNUSUAL":: invalid token near line 3 (text was '^M')
May 19 00:07:41 arc.ip.addr At 15:42:49, Facility "SBUS", Level 
"UNUSUAL":: invalid token near line 4 (text was '=')
May 19 00:07:41 arc.ip.addr At 15:42:49, Facility "SBUS", Level 
"UNUSUAL"::  ERRRRRRORRR
May 19 00:07:41 arc.ip.addr At 15:42:49, Facility "SBUS", Level 
"UNUSUAL"::  
=============================================================================== 

May 19 00:07:41 arc.ip.addr At 15:42:49, Facility "SBUS", Level 
"UNUSUAL"::  HiPerARC Filter Rules #filter IP:  
May 19 00:07:41 arc.ip.addr At 15:42:49, Facility "SBUS", Level 
"UNUSUAL":: line 4: syntax error near or at "AND"
May 19 00:07:41 arc.ip.addr At 15:42:49, Facility "Auth Facility", Level 
"VERBOSE":: User some-username successfully connected to the PPP process 
for call id 18612240 on interface slot:2/mod:29
May 19 00:07:41 arc.ip.addr At 15:42:49, Facility "Auth Facility", Level 
"COMMON":: Port slot:2/mod:29 user some-username session connected, call 
id 18612240, protocol: PPP - ip address: client.ip.addr
May 19 00:07:41 arc.ip.addr At 15:42:49, Facility "User Manager", Level 
"COMMON":: arc.ip.addr ACCT START: user name: some-username - session: 
18612240 - port 1541 - authenticated: RADIUS - type: FRAMED - protocol: 
PPP - ip address: client.ip.addr

May 19 00:07:40 arc.ip.addr At 15:42:48, Facility "Auth Facility", Level "COMMON":: A call is established, call id 18612240, on interface slot:2/mod:29 
May 19 00:07:40 arc.ip.addr At 15:42:48, Facility "Call Initiation Process", Level "COMMON":: CIP: Detected PPP frame, state 1, line 388, File ../../src/cip_xmt_rx.c 
May 19 00:07:41 arc.ip.addr At 15:42:49, Facility "Auth Facility", Level "COMMON":: Port slot:2/mod:29 successful RADIUS authentication for user: some-username 
May 19 00:07:41 arc.ip.addr At 15:42:49, Facility "MPIP", Level "COMMON":: MPIP Link registration failed, because the client state is OFF 
May 19 00:07:41 arc.ip.addr At 15:42:49, Facility "Filter Manager Process", Level "COMMON":: FM: No RADIUS rules available for user_handle=58e007, status=554d650c 
May 19 00:07:41 arc.ip.addr At 15:42:49, Facility "SBUS", Level "UNUSUAL"::  INPUT=== #filter^M IP:^M ^M 001 AND src-addr = 0.0.0.0/0;^M 002 AND dst-addr = x.x.x.x/32;^M 003 ACCEPT udp-dst-port = 53;^M 004 AND src-addr = 0.0.0.0/0;^M 005 AND dst-addr = y.y.y.y/32;^M 006 ACCEPT udp-dst-port = 53;^M 007 AND src-addr = 0.0.0.0/0;^M 008 AND dst-addr = z.z.z.z/32;^M 009 ACCEPT tcp-dst-port = 80;^M 010 DENY;^M   
May 19 00:07:41 arc.ip.addr At 15:42:49, Facility "SBUS", Level "UNUSUAL":: invalid token near line 1 (text was '^M') 
May 19 00:07:41 arc.ip.addr At 15:42:49, Facility "SBUS", Level "UNUSUAL":: invalid token near line 2 (text was '^M') 
May 19 00:07:41 arc.ip.addr At 15:42:49, Facility "SBUS", Level "UNUSUAL":: invalid token near line 3 (text was '^M') 
May 19 00:07:41 arc.ip.addr At 15:42:49, Facility "SBUS", Level "UNUSUAL":: invalid token near line 4 (text was '=') 
May 19 00:07:41 arc.ip.addr At 15:42:49, Facility "SBUS", Level "UNUSUAL"::  ERRRRRRORRR 
May 19 00:07:41 arc.ip.addr At 15:42:49, Facility "SBUS", Level "UNUSUAL"::  =============================================================================== 
May 19 00:07:41 arc.ip.addr At 15:42:49, Facility "SBUS", Level "UNUSUAL"::  HiPerARC Filter Rules #filter IP:  
May 19 00:07:41 arc.ip.addr At 15:42:49, Facility "SBUS", Level "UNUSUAL":: line 4: syntax error near or at "AND" 
May 19 00:07:41 arc.ip.addr At 15:42:49, Facility "SBUS", Level "UNUSUAL"::  INPUT=== #filter^M IP:^M ^M 001 AND src-addr = x.x.x.x/32;^M 002 AND dst-addr = 0.0.0.0/0;^M 003 AND udp-src-port = 53;^M 004 ACCEPT udp-dst-port > 1023;^M 005 AND src-addr = y.y.y.y/32;^M 006 AND dst-addr = 0.0.0.0/0;^M 007 AND udp-src-port = 53;^M 008 ACCEPT udp-dst-port > 1023;^M 009 AND src-addr = z.z.z.z/32;^M 010 AND dst-addr = 0.0.0.0/0;^M 011 AND tcp-src-port = 80;^M 012 ACCEPT tcp-dst-port > 1023;^M 013 DENY;^M   
May 19 00:07:41 arc.ip.addr At 15:42:49, Facility "SBUS", Level "UNUSUAL":: invalid token near line 1 (text was '^M') 
May 19 00:07:41 arc.ip.addr At 15:42:49, Facility "SBUS", Level "UNUSUAL":: invalid token near line 2 (text was '^M') 
May 19 00:07:41 arc.ip.addr At 15:42:49, Facility "SBUS", Level "UNUSUAL":: invalid token near line 3 (text was '^M') 
May 19 00:07:41 arc.ip.addr At 15:42:49, Facility "SBUS", Level "UNUSUAL":: invalid token near line 4 (text was '=') 
May 19 00:07:41 arc.ip.addr At 15:42:49, Facility "SBUS", Level "UNUSUAL"::  ERRRRRRORRR 
May 19 00:07:41 arc.ip.addr At 15:42:49, Facility "SBUS", Level "UNUSUAL"::  =============================================================================== 
May 19 00:07:41 arc.ip.addr At 15:42:49, Facility "SBUS", Level "UNUSUAL"::  HiPerARC Filter Rules #filter IP:  
May 19 00:07:41 arc.ip.addr At 15:42:49, Facility "SBUS", Level "UNUSUAL":: line 4: syntax error near or at "AND" 
May 19 00:07:41 arc.ip.addr At 15:42:49, Facility "Auth Facility", Level "VERBOSE":: User some-username successfully connected to the PPP process for call id 18612240 on interface slot:2/mod:29 
May 19 00:07:41 arc.ip.addr At 15:42:49, Facility "Auth Facility", Level "COMMON":: Port slot:2/mod:29 user some-username session connected, call id 18612240, protocol: PPP - ip address: client.ip.addr 
May 19 00:07:41 arc.ip.addr At 15:42:49, Facility "User Manager", Level "COMMON":: arc.ip.addr ACCT START: user name: some-username - session: 18612240 - port 1541 - authenticated: RADIUS - type: FRAMED - protocol: PPP - ip address: client.ip.addr

alex

tags

participants (1)