On Mon, 6 Dec 1999, Jesse Sipprell wrote:
Until recently I had been using:
enable ip SOURCE_ADDRESS_FILTER set network user default PPP_SOURCE_IP_FILTER enabled
to prevent network users from spoofing source addresses. I now have one customer who has the need to have multiple subnets routed to them, which requires me to turn this option off globally.
Is there any method of leaving this ON, but turning off PPP_SOURCE_IP_FILTER for a specific user via RADIUS?
You can do it the other way around... leave the filter off, but turn it ON for a user in Radius. If you turn it on for the DEFAULT user, that's got the same effect as turning it on globally. Then you can leave it off for the users that have subnets routed to them, since they have their own entries anyway. I've got the attribute name as USR-IP-SAA-Filter, vendor-specific attribute number 0x9870. Mike Andrews (MA12) * mandrews@dcr.net * http://www.bit0.com/ VP, sysadmin, & network guy, Digital Crescent Inc, Frankfort KY Internet services for Frankfort, Lawrenceburg, Owenton, & Shelbyville "Don't sweat the petty things, and don't pet the sweaty things." - To unsubscribe to usr-tc, send an email to "majordomo@xmission.com" with "unsubscribe usr-tc" in the body of the message. For information on digests or retrieving files and old messages send "help" to the same address. Do not use quotes in your message.