[nsp] Filter-Id for AS5300
Dennis Peng
dpeng at cisco.com
Tue Jul 29 17:57:58 EDT 2003
When you use the Filter-Id attribute, you can reference a numbered or
named ACL that is preconfigured on the AS5300. So if you had something
trivial like:

    access-list 101 deny icmp any any
    access-list 101 permit ip any any

Then in the RADIUS profile, you would do something like:

    Filter-Id = "101"

By default, we will apply the ACL on the outbound side. To explicitly
state which direction you want it applied, you can use the .in or .out
suffix, i.e.:

    Filter-Id = "101.in"

If you don't want to pre-configure the ACL on the AS5300 and want it
specified in the RADIUS profile, you can't use the Filter-Id
attribute. Instead, you'll need to use Cisco-AVPair and the inacl
attribute, like this:

    Cisco-AVPair = "ip:inacl#1=deny icmp any any"
    Cisco-AVPair = "ip:inacl#2=permit ip any any"

We do also support the Ascend-Data-Filter attribute for downloading ACLs
from the RADIUS server. You'll need to specify the "non-standard"
keyword in the radius-server host configuration line.

Dennis

Mark Tinka [mtinka at africaonline.co.ug] wrote:
> Hi all.
>
> Does anyone know how I can set up e-mail-only filters on AS5300 using the
> Filter-Id RADIUS attribute? I have searched the whole of cisco.com and
> failed to find anything conclusive on how this is configured, from start to
> finish.
>
> This seems to be the only thing failing me, on the AS5300.
>
> All help appreciated. Thanks.
>
> Regards,
>
> Mark Tinka - CCNA
> Network Engineer, Africa Online Uganda
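
Added example (not part of the original thread, and not Cisco code): a small Python check that resolves each Filter-Id in a RADIUS profile to an ACL and direction, using the outbound default and the .in/.out suffixes described in the reply above, and flags references to ACLs that the NAS config does not define. The sample config and profile are constructed; ACL 102 and the named ACL MAIL-ONLY are assumptions made for illustration.

```python
import re

# Constructed sample inputs; only ACL 101 and the AVPair line mirror the post.
NAS_CONFIG = """\
access-list 101 deny icmp any any
access-list 101 permit ip any any
ip access-list extended MAIL-ONLY
 permit tcp any any eq smtp
"""
RADIUS_PROFILE = """\
Filter-Id = "101"
Filter-Id = "101.in"
Filter-Id = "MAIL-ONLY.out"
Filter-Id = "102.in"
Cisco-AVPair = "ip:inacl#1=deny icmp any any"
"""

def configured_acls(config):
    """Return the numbers/names of ACLs defined in an IOS config."""
    acls = set()
    for line in config.splitlines():
        m = (re.match(r"access-list\s+(\d+)\s", line)
             or re.match(r"ip access-list\s+(?:standard|extended)\s+(\S+)", line))
        if m:
            acls.add(m.group(1))
    return acls

def parse_filter_id(value):
    """Split a Filter-Id value into (acl, direction); no suffix means 'out'."""
    m = re.fullmatch(r"(.+)\.(in|out)", value)
    return (m.group(1), m.group(2)) if m else (value, "out")

def check_profile(profile, config):
    """Return (acl, direction, status) for every Filter-Id in the profile."""
    known = configured_acls(config)
    results = []
    for line in profile.splitlines():
        m = re.match(r'\s*Filter-Id\s*=\s*"([^"]*)"', line)
        if not m:
            continue  # Cisco-AVPair inacl entries carry their own rules
        acl, direction = parse_filter_id(m.group(1))
        results.append((acl, direction, "ok" if acl in known else "missing"))
    return results

if __name__ == "__main__":
    for acl, direction, status in check_profile(RADIUS_PROFILE, NAS_CONFIG):
        print(f"ACL {acl:<10} dir={direction:<3} {status}")
```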