At 11:56 AM 5/22/2002 +0200, De Schrijver Peter wrote:
> Hi !
>
> I�d like to set up a profile to force some users to take a
> certain route (gateway?) to the internet. Other users using the same box
> (lucent NAS) should be able to take a direct route (other gateway).
>
> Purpose is to have an optionally "content filtered" way for the
> users to surf the net.
>
> Is this possible with radius?
Yes, if the appropriate attributes are created and defined by the NAS
under Vendor-Specific attributes.
You mention Lucent, which means that you should be able to support the
'Ascend-IP-Direct' attribute. This sets the 'next-hop' address for traffic
from the user's session.
IE, if you have your normal gateway at 10.0.0.1, and web proxy server at
10.0.0.2, and you want to force certain traffic through the proxy, you would
return the attribute pair:
Ascend-IP-Direct = 10.0.0.2
for the sessions you want to redirect. You'll need to make sure that you
have the NAS and the radius server configured the same in terms of VSA vs.
Vendor-Proprietary.
Further questions should be directed to a support list for the NAS you are
using, as FreeRADIUS is certainly capable of returning any attribute to
the NAS. What attributes are required are up the the NAS vendor.
-Chris
--
\\\|||/// \ StarNet Inc. \ Chris Parker
\ ~ ~ / \ WX *is* Wireless! \ Director, Engineering
| @ @ | \ http://www.starnetwx.net \ (847) 963-0116
oOo---(_)---oOo--\------------------------------------------------------
\ Wholesale Internet Services - http://www.megapop.net
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
