Re: Setting up filters

Kate Murphy ( kate@bbnplanet.com )
Fri, 11 Apr 1997 08:19:01 -0400

Hi!

We have RadiusNT running as part of a distributed security solution. The
NAS client (on the RadiusNT box) is actually the Central RADIUS server that
receives the initial authentication requests - examines the realm or domain
name of the user login (kate@technogeeks.com) and forwards the request to
the RadiusNT box that has the user files for "technogeeks.com" and lists the
Central Radius in the client file as the NAS.

The Central RADIUS server is a sparc running another version of RADIUS and
has several Ascend 4000's in the client files as NASs.

In the RadiusNT boxes that are set up with users from one or more
domain (realm) names, I would like to set up a filter for when a user dials
into the 1-800 rack, he is disconnected (Central Radius receives a NAK which
goes back to the NAS) - but when they dial into a local NAS - through
Central Radius to the appropriate realm RadiusNT box, they receive an "ACK".

I think I can put Framed-Filter=some number and define the filter in the
dictionary file. The question is - should I set up two filters (like in
static routing) like

Filter 1 as : nopass (source IP address of 800 rack) (destination IP address
of RadiusNT box)
Filter 2 as: pass (0.0.0.0) (destination IP address of RadiusNT box)

Would this work? I am not sure what the exact syntax should be on the NT
box - any help would be greatly appreciated!

Thanks.

Kate