RTR-Admins (which are allowed to access all CPE-IPs) - difficult (big net) so I want to use REGEX wildcards, which unfortunatly covers the FW-IPs
huntgroups:
FW-IPs NAS-IP-Address == "10.0.0.1" FW-IPs NAS-IP-Address == "10.0.0.2" FW-IPs NAS-IP-Address == "10.0.0.3"
CPE-IPs NAS-IP-Address =~ '10\.0\..*\..*'
TEST-IPs NAS-IP-Address == "10.0.255.1" TEST-IPs NAS-IP-Address == "10.0.255.2" TEST-IPs NAS-IP-Address == "10.0.255.3"
users:
anderson Huntgroup-Name == "CPE-IPs", Huntgroup-Name != "FW-IPs" (Is this possible ?!?) - for a user who should access all the 10.0.0.0/16 net except the FW IP's.
No. Do this: anderson Huntgroup-Name == "FW-IPs", Auth-Type:=Reject ( it will cut down processing) This is an example when you should set Auth-Type. CPE huntgroup includes all others so can do away with it. Ivan Kalik Kalik Informatika ISP