On Thu, 12 Jul 2001 [EMAIL PROTECTED] wrote:
..
> Orly,
>
> This is only possible if your NAS supports it? BTW, do you know where I can
> find more resources regarding this topic? Thanks.
I believe my information is specific enough: I give an example that has
been tested on Cisco, and Ascend. For all other NAS'es, RTFM.
..
> On Cisco, you can send a VSA avpair which implements a dynamic ACL
> limiting them to certain ports and IP address ranges. The syntax is like
> this:
>
> cisco-avpair = "ip:inacl#5=permit ip any 202.47.132.0 0.0.0.255"
> cisco-avpair = "ip:inacl#99=deny ip any any"
>
> in the case above, only access to 202.47.132.0/24 is allowed (obviously).
> You can also limit per-port, in line with usual Cisco ACL configuration.
> For Ascend hardware:
>
> Ascend-Data-Filter = "ip in forward dstip 202.47.132.0/24"
>
> (does the same thing as for Cisco).
--
Orlando Andico <[EMAIL PROTECTED]>
Mosaic Communications, Inc.
-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GE d(-) s: a-25 C++++ UBLSI++++$ P+++ L+++>++++ E- W++ N(+)
o K? w O-- M- !V PS(++) PE- Y PGP-- t(+)@ 5(+) X++@ R(+) tv@
b++ DI++ G e++@ h--(*) r% y+
------END GEEK CODE BLOCK------
_
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
To subscribe to the Linux Newbies' List: send "subscribe" in the body to
[EMAIL PROTECTED]
