MAX_PACKET_LEN setting limiting number of Cisco-Avpair's
Oliver Graf
ograf at rz-online.net
Wed Jun 29 08:56:24 CEST 2005
On Tue, Jun 28, 2005 at 03:10:51PM -0700, Niall Browne wrote:
> Apart from this is there any other way to increase the number of
> Cisco-Avpair's within freeradius to be pushed to a firewall or is this the
> maximum?

You already seem to know the way for creating acl via radius:

inacl#X
    An input access list definition. For IP, standard or extended access
    list syntax can be used, though you cannot mix them within a single
    list. For IPX, only extended syntax is recognized. The value of this
    attribute is the text that comprises the body of a named access list
    definition.

outacl#X
    An output access list definition. For IP, standard or extended access
    list syntax can be used. For IPX, only extended syntax is recognized.
    The value of this attribute is the text that comprises the body of a
    named access list definition.

But you might also use the ip:inacl/outacl without a rule number to
assign a named ip access-list which is defined on the router:

router:

    ip access-list extended No-EIGRP
     remark Filters EIGRP Traffic
     remark used with dynamic ADSL
     deny eigrp any any
     permit ip any any

radius:

    Cisco-AVPair += "ip:inacl=No-EIGRP",
    Cisco-AVPair += "ip:outacl=No-EIGRP"

If you have a CCO (I think you need one for that) you could take a
look at Cisco's Dial Solutions Configuration Guide, which helps you
with such stuff.

Oliver.
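
The size difference between the two approaches in this thread, as an added example that is not part of the original post: it encodes Cisco-AVPair values as RADIUS Vendor-Specific attributes and checks the reply against a packet-length limit. The 4096-byte limit is the RFC 2865 maximum and is an assumption here (a server build's MAX_PACKET_LEN may differ); the function names and the 120 sample rules are constructed for illustration.

```python
import struct

RADIUS_MAX_LEN = 4096   # RFC 2865 maximum; assumed, a build's MAX_PACKET_LEN may differ
HEADER_LEN = 20         # code(1) + identifier(1) + length(2) + authenticator(16)
VENDOR_SPECIFIC = 26    # RFC 2865 Vendor-Specific attribute type
CISCO_VENDOR_ID = 9     # Cisco's IANA enterprise number
CISCO_AVPAIR = 1        # vendor type of Cisco-AVPair


def encode_avpair(value):
    """Encode one Cisco-AVPair string as a Vendor-Specific attribute."""
    data = value.encode("ascii")
    if len(data) > 247:  # 255 - 6 (VSA header) - 2 (vendor sub-header)
        raise ValueError("AVPair does not fit in one attribute: %r" % value)
    sub = struct.pack("!BB", CISCO_AVPAIR, len(data) + 2) + data
    return struct.pack("!BBI", VENDOR_SPECIFIC, len(sub) + 6, CISCO_VENDOR_ID) + sub


def reply_size(avpairs, other_attr_bytes=0):
    """Size in bytes of a reply carrying these AVPairs plus other attributes."""
    return HEADER_LEN + other_attr_bytes + sum(len(encode_avpair(v)) for v in avpairs)


def max_avpairs(avpairs, limit=RADIUS_MAX_LEN, other_attr_bytes=0):
    """Count how many AVPairs, taken in order, fit before the limit is exceeded."""
    size, count = HEADER_LEN + other_attr_bytes, 0
    for v in avpairs:
        size += len(encode_avpair(v))
        if size > limit:
            break
        count += 1
    return count


# Constructed sample: 120 per-user rules sent one attribute per ACL line.
per_rule = ["ip:inacl#%d=permit tcp any host 10.0.0.%d eq 443" % (i, i)
            for i in range(1, 121)]
# The named-ACL form from the post: the rules live on the router.
named = ["ip:inacl=No-EIGRP", "ip:outacl=No-EIGRP"]

if __name__ == "__main__":
    print("per-rule reply:", reply_size(per_rule), "bytes,",
          max_avpairs(per_rule), "of", len(per_rule), "rules fit")
    print("named-ACL reply:", reply_size(named), "bytes")
```

Every AVPair costs 8 bytes of attribute overhead on top of its text, so the named-ACL reply stays the same size however long the router-side list grows.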