Terry J Fike Jr wrote:
They use the Class attribute to tell their box what users are being filtered and how (which filtering ruleset). but it means that either the nas device has to send the data to it, or i can radrelay it to the 8e6 box (which is what i'm using for testing at the moment). it also has the ability (i think) to recieve data like an accounting server and then forward it to the actual accounting server.
how do i modify the Access-Accept to send it to the NAS so it can add this attribute in the accounting packet? I don't remember seeing anything like that in the readmes or comments in the conf files? (not to say i couldn't be blind and have totally missed it though)
Hi Terry
I have been using the 8e6 box for about 1 1/2 with freeradius, both on the r2000 and then on the r3000, please find an example of how to use radius to update the 8e6 unit.
I would never use the 8e6 box in relay mode because it add one more way for the network to break.
Example of a command line usage of the 8e6 box
radius1:/tmp# cat attribs User-Name=User97 Acct-Status-Type=Start Class="xstop: Rule1, http://www.localnet/blocked/"; Framed-IP-Address=192.168.1.35
/usr/bin/radclient -d /usr/share/freeradius/ -f /tmp/attribs filter.localnet:1813 acct password
I can not remember if I needed to edit the dictionarys to make this all work
I have written scripts which use the acct_users system to send a filter rule to the 8e6 box each time I receive a "Start", "Alive" and "Stop".
Cheers Mike
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
