Framed-Route and proxying
Joe Maimon
jmaimon at ttec.com
Tue Nov 8 19:23:19 CET 2005
Jason Frisvold wrote:
>
> I *think* that's more what I'm looking for.. The idea is to put a
> user in a suspended group that will only allow them to go to the
> payment server. By using a proxy, I can intercept all port 80 traffic
> and redirect them to the proper location.
>
> Does that make more sense?
>
Lets say you used cisco gear (where I use this concept in different ways
fairly often)
You would do something like this, without any loss of performance.
Default Hint == "Suspended"
Cisco-Avpair += "lcp:interface-config=ip vrf forwarding
suspended",
Cisco-Avpair += "lcp:interface-config=ip unnumbered l10",
Cisco-Avpair += "ip:addr-pool=suspended"
On the cisco you would config it like this, aside from the normal aaa
config and whatnot
ip vrf suspended
rd 1:1
int l10
ip vrf forwarding suspended
ip address 10.1.1.1 255.255.255.255
int fa0.10
description proxy server
encapsulation dot1q 10
ip vrf forwardin suspended
ip address 10.2.2.1 255.255.255.0
ip local pool suspended 10.10.0.1 10.10.10.255
ip route vrf suspended 0.0.0.0 0.0.0.0 10.2.2.1
> --
> Jason 'XenoPhage' Frisvold
> XenoPhage0 at gmail.com
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>
More information about the Freeradius-Users
mailing list