[Emerald] Adding filters on a PM3

Mark Oven ( markoven@usa.net )
2 Feb 99 14:47:30 GMT

We are using Emerald 2.5.227 and the PM3's w/3.8.2 OS as our RAS.

What we are trying to do is to set up an online signup system that will let
anyone to access our RAS with a set username and password (for example
username : newcustomer and password : newcustomer). Those who are dialing in
with this username and password will be told to go to our subscription page
(for example subscribe.abcnet.com w/IP 199.199.199.199)to fill out the
relevant pages and get a membership online.

To achieve this we added a filter named online to the PM3 as below. Our aim
is to prevent people to go anywhere else other than the subscription page.
Let's assume that our DNS server is at 199.199.199.1 :

Filtername : online
1 permit 0.0.0.0/0 199.199.199.1/32 tcp dst eq 53
2 permit 0.0.0.0/0 199.199.199.1/32 udp dst eq 53
3 permit 0.0.0.0/0 199.199.199.199/32 tcp dst eq 80

Once this was accomplished we created a service account (name : online
subsciption) in Emerald and added as the service default Framed-Filter :
online

Guess what? It didn't work. People acessing the RAS with the above filter
and username/password can still go anywhere they want.

We found out that the Rad Attribute should be Framed-Filter-Id for PM3 and
changed that accordingly. But still it let's everyone through.

What are we doing wrong here ? Should we add the rad attribute as a VSA ?
Is something wrong with the filter ?

Any help will be appreciated.

____________________________________________________________________
Get free e-mail and a permanent address at http://www.netaddress.com/?N=1

For more information about this list, including removal,
please see http://www.iea-software.com/maillist.html