Hi there
I'm using Cisco-AVPairs to return ACL filter rules to a Cisco NAS:

    Cisco-AVPair = "ip:inacl#1=permit icmp any any reflect icmp"
    Cisco-AVPair = "ip:inacl#2=permit tcp any any eq 53 reflect dns-tcp"
    Cisco-AVPair = "ip:inacl#3=permit udp any any eq 53 reflect dns-udp"
    Cisco-AVPair = "ip:inacl#4=permit tcp any any eq 80 reflect http"
    ... and so on ...

This works without any problem.

The Cisco NAS has an IOS with the firewall feature set and I want to inspect FTP connections. I have configured the following inspect rule:

    ip inspect name ftp-connections ftp timeout 30

And I have assigned this rule to the virtual template from which all virtual interfaces are created:

    interface virtual-template 1
     ip inspect ftp-connections in

By doing it like that, FTP connections on all virtual interfaces get inspected. There are a lot of these virtual interfaces and the CPU load on the Cisco increases a lot. In fact only some of the virtual interfaces need to be inspected, therefore I would like to return the "ip inspect" in a Cisco-AVPair.

Can this be done? And what does the syntax for such a Cisco-AVPair look like?

Thanks,
Daniel