Limit of 68 entries per session?
Jay Kuhne (jkuhne)
jkuhne at cisco.com
Mon Aug 23 21:58:47 CEST 2010
Hello,
I am attempting to create ACLs for a session (dual-stack v4 & v6) with
freeradius using av-pair.
I am finding that with fall-through, I am limited to 68 lines no matter
what the content.
Does anyone know off-hand if this is a configuration limitation or does
it have to do with RADIUS packet size?
For example, you can see in this Radusd -X output, the last 2 permit
statements here are these yet I have another 66 entries I would like to
add.
Cisco-AVPair += "ip:inacl#3=permit ip 50.3.1.1 0.0.255.255 any"
Cisco-AVPair += "ip:inacl#4=permit ip 50.4.1.1 0.0.255.255 any"
Thanks in advance if anyone has the answer.
Jay
[pap] returns ok
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 144 to 5.28.6.10 port 1645
Service-Type += Framed-User
Framed-Protocol += PPP
Framed-IPv6-Prefix += 15:0:0:1::/64
Cisco-AVPair += "ipv6:inacl#1=permit ipv6 15::1:0:0:0:0/64 any"
Cisco-AVPair += "ipv6:inacl#2=permit tcp 1::1/64 any eq 50001"
Cisco-AVPair += "ip:inacl#1=permit ip host 21.1.1.2 any"
Cisco-AVPair += "ip:inacl#2=permit tcp 192.1.1.1 0.0.255.255 any
eq 11"
Framed-IP-Address += 21.1.1.2
X-Ascend-Maximum-Time == 10000
X-Ascend-Idle-Limit == 30000
Cisco-AVPair += "ipv6:inacl#3=permit ipv6 any
31:1:1:3:1:1:1:1/64"
Cisco-AVPair += "ipv6:inacl#4=permit ipv6 any
31:1:1:4:1:1:1:1/64"
Cisco-AVPair += "ipv6:inacl#5=permit ipv6 any
31:1:1:5:1:1:1:1/64"
Cisco-AVPair += "ipv6:inacl#6=permit ipv6 any
31:1:1:6:1:1:1:1/64"
Cisco-AVPair += "ipv6:inacl#7=permit ipv6 any
31:1:1:7:1:1:1:1/64"
Cisco-AVPair += "ipv6:inacl#8=permit ipv6 any
31:1:1:8:1:1:1:1/64"
Cisco-AVPair += "ipv6:inacl#9=permit ipv6 any
31:1:1:9:1:1:1:1/64"
Cisco-AVPair += "ipv6:inacl#10=permit ipv6 any
31:1:1:a:1:1:1:1/64"
Cisco-AVPair += "ipv6:inacl#11=permit ipv6 any
31:1:1:b:1:1:1:1/64"
Cisco-AVPair += "ipv6:inacl#12=permit ipv6 any
31:1:1:c:1:1:1:1/64"
Cisco-AVPair += "ipv6:inacl#13=permit ipv6 any
31:1:1:d:1:1:1:1/64"
Cisco-AVPair += "ipv6:inacl#14=permit ipv6 any
31:1:1:e:1:1:1:1/64"
Cisco-AVPair += "ipv6:inacl#15=permit ipv6 any
31:1:1:f:1:1:1:1/64"
Cisco-AVPair += "ipv6:inacl#16=permit ipv6 any
31:1:1:10:1:1:1:1/64"
Cisco-AVPair += "ipv6:inacl#17=permit ipv6 any
31:1:1:11:1:1:1:1/64"
Cisco-AVPair += "ipv6:inacl#18=permit ipv6 any
31:1:1:12:1:1:1:1/64"
Cisco-AVPair += "ipv6:inacl#19=permit ipv6 any
31:1:1:13:1:1:1:1/64"
Cisco-AVPair += "ipv6:inacl#20=permit ipv6 any
31:1:1:14:1:1:1:1/64"
Cisco-AVPair += "ipv6:inacl#21=permit ipv6 any
31:1:1:15:1:1:1:1/64"
Cisco-AVPair += "ipv6:inacl#22=permit ipv6 any
31:1:1:16:1:1:1:1/64"
Cisco-AVPair += "ipv6:inacl#23=permit ipv6 any
31:1:1:17:1:1:1:1/64"
Cisco-AVPair += "ipv6:inacl#24=permit ipv6 any
31:1:1:18:1:1:1:1/64"
Cisco-AVPair += "ipv6:inacl#25=permit ipv6 any
31:1:1:19:1:1:1:1/64"
Cisco-AVPair += "ipv6:inacl#26=permit ipv6 any
31:1:1:1a:1:1:1:1/64"
Cisco-AVPair += "ipv6:inacl#27=permit ipv6 any
31:1:1:1b:1:1:1:1/64"
Cisco-AVPair += "ipv6:inacl#28=permit ipv6 any
31:1:1:1c:1:1:1:1/64"
Cisco-AVPair += "ipv6:inacl#29=permit ipv6 any
31:1:1:1d:1:1:1:1/64"
Cisco-AVPair += "ipv6:inacl#30=permit ipv6 any
31:1:1:1e:1:1:1:1/64"
Cisco-AVPair += "ipv6:inacl#31=permit ipv6 any
31:1:1:1f:1:1:1:1/64"
Cisco-AVPair += "ipv6:inacl#32=permit ipv6 any
31:1:1:20:1:1:1:1/64"
Cisco-AVPair += "ipv6:inacl#33=permit ipv6 any
31:1:1:21:1:1:1:1/64"
Cisco-AVPair += "ipv6:inacl#34=permit ipv6 any
31:1:1:22:1:1:1:1/64"
Cisco-AVPair += "ipv6:inacl#35=permit ipv6 any
31:1:1:23:1:1:1:1/64"
Cisco-AVPair += "ipv6:inacl#36=permit ipv6 any
31:1:1:24:1:1:1:1/64"
Cisco-AVPair += "ipv6:inacl#37=permit ipv6 any
31:1:1:25:1:1:1:1/64"
Cisco-AVPair += "ipv6:inacl#38=permit ipv6 any
31:1:1:26:1:1:1:1/64"
Cisco-AVPair += "ipv6:inacl#39=permit ipv6 any
31:1:1:27:1:1:1:1/64"
Cisco-AVPair += "ipv6:inacl#40=permit ipv6 any
31:1:1:28:1:1:1:1/64"
Cisco-AVPair += "ipv6:inacl#41=permit ipv6 any
31:1:1:29:1:1:1:1/64"
Cisco-AVPair += "ipv6:inacl#42=permit ipv6 any
31:1:1:2a:1:1:1:1/64"
Cisco-AVPair += "ipv6:inacl#43=permit ipv6 any
31:1:1:2b:1:1:1:1/64"
Cisco-AVPair += "ipv6:inacl#44=permit ipv6 any
31:1:1:2c:1:1:1:1/64"
Cisco-AVPair += "ipv6:inacl#45=permit ipv6 any
31:1:1:2d:1:1:1:1/64"
Cisco-AVPair += "ipv6:inacl#46=permit ipv6 any
31:1:1:2e:1:1:1:1/64"
Cisco-AVPair += "ipv6:inacl#47=permit ipv6 any
31:1:1:2f:1:1:1:1/64"
Cisco-AVPair += "ipv6:inacl#48=permit ipv6 any
31:1:1:30:1:1:1:1/64"
Cisco-AVPair += "ipv6:inacl#49=permit ipv6 any
31:1:1:31:1:1:1:1/64"
Cisco-AVPair += "ipv6:inacl#50=permit ipv6 any
31:1:1:32:1:1:1:1/64"
Cisco-AVPair += "ipv6:inacl#51=permit ipv6 any
31:1:1:33:1:1:1:1/64"
Cisco-AVPair += "ipv6:inacl#52=permit ipv6 any
31:1:1:34:1:1:1:1/64"
Cisco-AVPair += "ipv6:inacl#53=permit ipv6 any
31:1:1:35:1:1:1:1/64"
Cisco-AVPair += "ipv6:inacl#54=permit ipv6 any
31:1:1:36:1:1:1:1/64"
Cisco-AVPair += "ipv6:inacl#55=permit ipv6 any
31:1:1:37:1:1:1:1/64"
Cisco-AVPair += "ipv6:inacl#56=permit ipv6 any
31:1:1:38:1:1:1:1/64"
Cisco-AVPair += "ipv6:inacl#57=permit ipv6 any
31:1:1:39:1:1:1:1/64"
Cisco-AVPair += "ipv6:inacl#58=permit ipv6 any
31:1:1:3a:1:1:1:1/64"
Cisco-AVPair += "ipv6:inacl#59=permit ipv6 any
31:1:1:3b:1:1:1:1/64"
Cisco-AVPair += "ipv6:inacl#60=permit ipv6 any
31:1:1:3c:1:1:1:1/64"
Cisco-AVPair += "ipv6:inacl#61=permit ipv6 any
31:1:1:3d:1:1:1:1/64"
Cisco-AVPair += "ipv6:inacl#62=permit ipv6 any
31:1:1:3e:1:1:1:1/64"
Cisco-AVPair += "ipv6:inacl#63=permit ipv6 any
31:1:1:3f:1:1:1:1/64"
Cisco-AVPair += "ipv6:inacl#64=permit ipv6 any
31:1:1:40:1:1:1:1/64"
Cisco-AVPair += "ipv6:inacl#65=permit ipv6 any
31:1:1:41:1:1:1:1/64"
Cisco-AVPair += "ipv6:inacl#66=permit ipv6 any
31:1:1:42:1:1:1:1/64"
Cisco-AVPair += "ipv6:inacl#67=permit ipv6 any
31:1:1:43:1:1:1:1/64"
Cisco-AVPair += "ip:inacl#3=permit ip 50.3.1.1 0.0.255.255 any"
Cisco-AVPair += "ip:inacl#4=permit ip 50.4.1.1 0.0.255.255 any"
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 0 ID 143 with timestamp +11
Cleaning up request 1 ID 144 with timestamp +11
Ready to process requests.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20100823/a7217cca/attachment.html>
More information about the Freeradius-Users
mailing list