Re: [Emerald] Adding filters on a PM3

Ed Miller ( (no email) )
Tue, 2 Feb 1999 10:47:31 -0500

We are using Emerald 2.5.227 and the PM3's w/3.8.2 OS as our RAS.
>What we are trying to do is to set up an online signup system that will let
>anyone to access our RAS with a set username and password (for example
>username : newcustomer and password : newcustomer). Those who are dialing
>with this username and password will be told to go to our subscription page
>(for example w/IP fill out the
>relevant pages and get a membership online.
>To achieve this we added a filter named online to the PM3 as below. Our aim
>is to prevent people to go anywhere else other than the subscription page.
>Let's assume that our DNS server is at :
>Filtername : online
> 1 permit tcp dst eq 53
> 2 permit udp dst eq 53
> 3 permit tcp dst eq 80
>Once this was accomplished we created a service account (name : online
>subsciption) in Emerald and added as the service default Framed-Filter :
>Guess what? It didn't work. People acessing the RAS with the above filter
>and username/password can still go anywhere they want.
>We found out that the Rad Attribute should be Framed-Filter-Id for PM3 and
>changed that accordingly. But still it let's everyone through.
>What are we doing wrong here ? Should we add the rad attribute as a VSA ?
>Is something wrong with the filter ?
>Any help will be appreciated.

I have no answer to this but I do have a question. Why RAS? Arn't you using
RadiusNT with the Emerald? Do you mean NAS?

For more information about this list, including removal,
please see