[rbak-nsp] Forward policy via Radius
Daniel Celiński
daniel.02c at gmail.com
Tue May 21 08:43:39 EDT 2013
2013/5/21 Golem <golem at mtm-info.pl>
> Hi
>
> Im trying to setup simple forward policy via radius for clips access.
> While learning redback stuff I created simple ICMP filter.
>
> context routerek
> ...
> !
> policy access-list ICMPDROP
> seq 10 permit icmp host 212.77.100.101 class ICMP
> !
>
>
> In global config:
> !
> forward policy GeneralPolicy
> ip access-group ICMPDROP routerek
> class ICMP
> drop
> !
>
> port ethernet 2/1
> no shutdown
> encapsulation dot1q
> dot1q pvc 55 encapsulation multi
> bind interface ge1 routerek
> forward policy GeneralPolicy in
> service clips dhcp source-mac context routerek
> !
>
>
> Radius response is:
> Sending Access-Accept of id 93 to 178.219.0.23 port 1812
> Service-Type = Outbound-User
> Framed-IP-Address = 178.219.2.194
> Qos-Policy-Policing = "2M-in"
> Qos-Policy-Metering = "2M-out"
> Subscriber-Profile-Name = "routed"
> Forward-Policy = "ICMPDROP"
> DHCP_Max_Leases = 1
>
> Redback deny access and debug aaa shows:
> May 21 12:51:57: %AAA-7-RAD_ATTR: rad_parse_vsa: Receive Redback attr 92
> (Forward_Policy), tag = 32, status = bad attribute
>
> Where is problem ?
>
> --
> Best regards,
> Ozga Rafal mailto:golem at mtm-info.pl
>
>
> _______________________________________________
> redback-nsp mailing list
> redback-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/redback-nsp
>
Hi,
>From Radius response you need:
Forward-Policy = "in:GeneralPolicy"
--
Pozdrawiam.
Daniel Celiński
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/redback-nsp/attachments/20130521/31cd20b1/attachment.html>
More information about the redback-nsp
mailing list