
RE: [AAA-WG]: Question regarding IP Filter Rule



Hi Jari,

You could use Framed-Route, but now all traffic would be routed to the Portal,
etc.

I think it would be more appropriate to introduce a new attribute so that:

A) the NAS would deal with the routing functions (as it always does) and the
Portal does not have to do it.

B) We would have the flexibility to decide whether to route all traffic or
just some traffic.



> -----Original Message-----
> From: Jari Arkko [mailto:jari.arkko@kolumbus.fi] 
> Sent: Tuesday, December 16, 2003 4:47 PM
> To: Avi Lior
> Cc: 'radiusext@ops.ietf.org'; aaa-wg@merit.edu
> Subject: Re: [AAA-WG]: Question regarding IP Filter Rule
> 
> 
> Avi Lior wrote:
> > The Black I-D and PWLAN draft prompted me to check something out.
> > 
> > It seems to me that something is missing in Diameter.  Using the
> > filter specification in 3588 it's not clear how I force a forward.
> > The only actions supported are permit or deny whereas ipfw supports
> > a forward mechanism as well.
> >
> > The motivation for this is the requirement in (WLAN for example)
> > whereby I want to force all http traffic to a specific portal and
> > deny all other traffic until the portal instructs the NAS otherwise.
> > This needs to be done either during an Access Accept or mid-session
> > using COA.
> 
> Does it have to be http specific? You could set Framed-Route 
> and then do Re-Authz when the routing changes. But 
> Framed-Route is not specific to a protocol or port.
> 
> --Jari
> 

--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>