[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [AAA-WG]: Question regarding IP Filter Rule

To: "'marco.stura@nokia.com'" <marco.stura@nokia.com>, Avi Lior <avi@bridgewatersystems.com>
Subject: RE: [AAA-WG]: Question regarding IP Filter Rule
From: Avi Lior <avi@bridgewatersystems.com>
Date: Wed, 17 Dec 2003 13:43:52 -0500
Cc: radiusext@ops.ietf.org, aaa-wg@merit.edu

Yes. But you also need the same in Diameter (I think? Well DCC did right?)

> -----Original Message-----
> From: marco.stura@nokia.com [mailto:marco.stura@nokia.com] 
> Sent: Wednesday, December 17, 2003 12:03 PM
> To: avi@bridgewatersystems.com
> Cc: radiusext@ops.ietf.org; aaa-wg@merit.edu
> Subject: RE: [AAA-WG]: Question regarding IP Filter Rule
> 
> 
> > You have to invent a new attribute or use Framed-IP-Route to
> > do redirects.
> 
> Are you talking about RADIUS attribute? 
> 
> > -----Original Message-----
> > From: ext Avi Lior [mailto:avi@bridgewatersystems.com]
> > Sent: 17 December, 2003 18:58
> > To: Stura Marco (NET/Helsinki); Avi Lior
> > Cc: radiusext@ops.ietf.org; aaa-wg@merit.edu
> > Subject: RE: [AAA-WG]: Question regarding IP Filter Rule
> > 
> > 
> > Scratch that.  I was mistaken. IPFW does not support redirects.
> > 
> > You have to invent a new attribute or use Framed-IP-Route to
> > do redirects.
> > 
> > > -----Original Message-----
> > > From: marco.stura@nokia.com [mailto:marco.stura@nokia.com]
> > > Sent: Wednesday, December 17, 2003 2:20 AM
> > > To: avi@bridgewatersystems.com
> > > Cc: radiusext@ops.ietf.org; aaa-wg@merit.edu
> > > Subject: RE: [AAA-WG]: Question regarding IP Filter Rule
> > > 
> > > 
> > > Avi Lior wrote
> > > 
> > > > The Black I-D and PWLAN draft prompted me to check 
> something out.
> > > > 
> > > > It seems to me that something is missing in Diameter.  
> Using the 
> > > > filter specification in 3588 its not clear how I force 
> a forward.
> > > > The only actions
> > > > supported are permit or deny whereas ipfw supports a forward 
> > > > mechanism as
> > > > well.
> > > > 
> > > > The motivation for this is the requirement in (WLAN for
> > > > example) whereby I
> > > > want to force all http traffic to a specific portal and
> > > deny all other
> > > > traffic until the portal instructs the NAS otherwise.  This
> > > > needs to be done
> > > > either during an Access Accept or mid-session using COA.
> > > 
> > > How to redirect user traffic (e.g. http) is implementation
> > > specific and I think is not a Diameter business. If you want 
> > > to indicate redirect traffic to a specific address, in 
> > > Diameter applications you can define a grouped AVP to realize 
> > > the functionality. One example could be the 
> > > Final-Unit-Indication in the DCC application.
> > > 
> > > Regards
> > > Marco
> > > 
> > 
> 

--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>

Prev by Date: RE: QoS attributes
Next by Date: RE: QoS attributes
Previous by thread: Re: [AAA-WG]: Question regarding IP Filter Rule
Index(es):
- Date
- Thread