Level3 Ascend filter verses Qwest Ascend question
Chris Adams
cistron-radius@lists.cistron.nl
Fri, 23 Apr 2004 08:33:08 -0500
Once upon a time, Network Admin <joe@config.com> said:
> Some time ago, when we started leasing ports from Qwest, I managed to get
> the Ascend filters installed and havn't had a problem since, that is,
> until Level 3 starting porting the ICG ports to their network. Now, I'm
> told that Qwest and Level3 have two different requirements regarding the
> Ascend Data Filter.
>
> Does anyone have an dictionary.ascend file that will work with both the
> Qwest and Level3 networks? Or is this the point where I have to make my
> own?
The only thing that I can think of that could be different would be if
one wants "old style" Ascend attributes and one wants VSAs. That is
kind of ugly (they should both be using VSAs, which is what Cistron
RADIUSD with my patch will do by default), but you could do something
like:
in /etc/raddb/huntgroups:
wantvsa Client-IP-Address = 1.2.3.4
wantascend Client-IP-Address = 5.6.7.8
in /usr/share/radius/dictionary.ascend:
ATTRIBUTE Ascend-Data-Filter-VSA 242 abinary Ascend
ATTRIBUTE Ascend-Call-Filter-VSA 243 abinary Ascend
ATTRIBUTE Ascend-Data-Filter 242 abinary
ATTRIBUTE Ascend-Call-Filter 243 abinary
in /etc/raddb/users:
DEFAULT Simultaneous-Use = 1, Auth-Type = System
Reply-Message = "Welcome to the config.com network! Happy surfing...",
Idle-Timeout = 3600,
Session-Timeout = 43200,
Port-Limit = 1,
...
Fall-Through = Yes
DEFAULT Simultaneous-Use = 1, Auth-Type = System, Huntgroup-Name = "wantvsa"
Ascend-Data-Filter-VSA = "ip in forward tcp est",
Ascend-Data-Filter-VSA = "ip in forward dstip 216.28.158.11/32",
Ascend-Data-Filter-VSA = "ip in forward dstip 63.168.220.222/32",
...
DEFAULT Simultaneous-Use = 1, Auth-Type = System, Huntgroup-Name = "wantascend"
Ascend-Data-Filter = "ip in forward tcp est",
Ascend-Data-Filter = "ip in forward dstip 216.28.158.11/32",
Ascend-Data-Filter = "ip in forward dstip 63.168.220.222/32",
...
--
Chris Adams <cmadams@hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.