Ascend-Data-Filter with srcip from ippool

Andreas Kalb (akalb) akalb at cisco.com
Mon Mar 31 16:12:00 CEST 2008


Hello,

I'm trying to use Ascend-data-filters together with IP-pool

DEFAULT Pool-Name := test_pool
        Fall-Through = Yes

DEFAULT User-Name := "test_...", Cleartext-Password := test
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Session-Timeout = 65000,
        Idle-Timeout = 3600,
        Ascend-Maximum-Time = 64000,
        Ascend-Idle-Limit = 3600,
        Ascend-Data-Filter := "ip in forward srcip
%{Framed-IP-Address}/32 dstip 1.1.1.2/32"

The pool is working well, but the filter doesn't:

Login OK: [test_001/test] (from client bb-10k port 808583209)
  Processing the post-auth section of radiusd.conf
modcall: entering group post-auth for request 0
rlm_ippool: Searching for an entry for nas/port: 172.16.1.7/808583209
rlm_ippool: Found a stale entry for ip/port: 172.16.100.135/808583209
rlm_ippool: num: 0
rlm_ippool: Searching for an entry for nas/port: 172.16.1.7/808583209
rlm_ippool: Allocating ip to nas/port: 172.16.1.7/808583209
rlm_ippool: num: 1
rlm_ippool: Allocated ip 172.16.103.107 to client on nas 172.16.1.7,port
808583209
  modcall[post-auth]: module "test_pool" returns ok for request 0
modcall: leaving group post-auth (returns ok) for request 0
Sending Access-Accept of id 195 to 172.16.1.7 port 21646
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Session-Timeout = 65000
        Idle-Timeout = 3600
        Ascend-Maximum-Time = 64000
        Ascend-Idle-Limit = 3600
        Ascend-Data-Filter := "ip in forward dstip 1.1.1.2/32 0"
        Framed-IP-Address = 172.16.103.107
        Framed-IP-Netmask = 255.255.255.0

Looks like IP is taken from pool after users-file got processed. I
wouldn't know how to change that order or where to add the filter then.

Pls let me know whether this should work in some way and how to
configure it then?

Kind Regards,

    Andreas




More information about the Freeradius-Users mailing list