>RTR-Admins (which are allowed to access all CPE-IPs)
>- difficult (big net) so I want to use REGEX wildcards, which
>unfortunately covers the FW-IPs
>
>
>huntgroups:
>
>FW-IPs NAS-IP-Address == "10.0.0.1"
>FW-IPs NAS-IP-Address == "10.0.0.2"
>FW-IPs NAS-IP-Address == "10.0.0.3"
>
>CPE-IPs NAS-IP-Address =~ '10\.0\..*\..*'
>
>TEST-IPs NAS-IP-Address == "10.0.255.1"
>TEST-IPs NAS-IP-Address == "10.0.255.2"
>TEST-IPs NAS-IP-Address == "10.0.255.3"
>
>
>users:
>
>anderson Huntgroup-Name == "CPE-IPs", Huntgroup-Name != "FW-IPs" (Is
>this possible ?!?)
>- for a user who should access all the 10.0.0.0/16 net except the FW IP's.
>

No. Do this:

anderson Huntgroup-Name == "FW-IPs", Auth-Type:=Reject

(it will cut down processing)

This is an example when you should set Auth-Type. CPE huntgroup includes all others so can do away with it.

Ivan Kalik
Kalik Informatika ISP
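
Added example, not part of the original thread: a small Python model of the huntgroups quoted above and the reject-first users entry from the reply, showing which NAS addresses each huntgroup claims and what anderson gets. It assumes first-match users processing without Fall-Through, that =~ behaves as an unanchored search, and a second anderson entry that accepts CPE-IPs; the anchored pattern is a constructed alternative.

```python
import re

# Huntgroups from the post, in file order: (name, operator, value).
HUNTGROUPS = [
    ("FW-IPs", "==", "10.0.0.1"),
    ("FW-IPs", "==", "10.0.0.2"),
    ("FW-IPs", "==", "10.0.0.3"),
    ("CPE-IPs", "=~", r"10\.0\..*\..*"),
    ("TEST-IPs", "==", "10.0.255.1"),
    ("TEST-IPs", "==", "10.0.255.2"),
    ("TEST-IPs", "==", "10.0.255.3"),
]

def in_huntgroup(name, nas_ip, groups=HUNTGROUPS):
    """True if any entry of huntgroup `name` matches the NAS-IP-Address."""
    for group, op, value in groups:
        if group != name:
            continue
        # Assumption: =~ is an unanchored search, modelled here with re.search.
        if (op == "==" and nas_ip == value) or (op == "=~" and re.search(value, nas_ip)):
            return True
    return False

# Users entries for anderson: (huntgroup to match, decision).
# The reject entry is the one from the reply; the accept entry is an assumption.
USERS_ANDERSON = [("FW-IPs", "reject"), ("CPE-IPs", "accept")]

def decide(nas_ip, entries=USERS_ANDERSON, groups=HUNTGROUPS):
    """First matching entry wins (no Fall-Through); no match means reject."""
    for group, decision in entries:
        if in_huntgroup(group, nas_ip, groups):
            return decision
    return "reject"

# Constructed alternative: anchored CPE pattern with digit-only octets.
ANCHORED = [g if g[0] != "CPE-IPs" else ("CPE-IPs", "=~", r"^10\.0\.\d{1,3}\.\d{1,3}$")
            for g in HUNTGROUPS]

if __name__ == "__main__":
    # Constructed sample NAS addresses; columns: FW, CPE, decision, decision (anchored).
    for ip in ("10.0.0.2", "10.0.17.9", "10.0.255.1", "210.0.5.6", "192.168.1.1"):
        print(ip, "FW" if in_huntgroup("FW-IPs", ip) else "-",
              "CPE" if in_huntgroup("CPE-IPs", ip) else "-",
              decide(ip), decide(ip, groups=ANCHORED))
```

Under the unanchored-search assumption the original pattern also claims 210.0.5.6 for CPE-IPs, which the anchored form rejects; the FW addresses are rejected in both cases because their entry is evaluated first.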