Here is what I did. 192.168.1.0 and 192.168.2.0 are the local IPs of my
local servers that they can do anything on. Also the users dial into
198.162.1.0/24. The first line permits them to access 1.x, and the second
2.x. The third, while not required, I add anyway just for clarity's sake. Also
I did not bother with an .out filter, as not being able to send replies limits
what they can do enough for the most part.

pm3-1>show filter local.in
1 permit 198.162.1.0/24 198.162.1.0/24 ip
2 permit 198.162.1.0/24 198.162.2.0/24 ip
3 deny 198.162.1.0/24 0.0.0.0/24 ip
pm3-1>

User entry (I had multiple defaults so this being the most restrictive I
put it first so users that match it get it and little chance of falling
through):

DEFAULT1 Auth-Type = System, Group = "Local-Filter"
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-Compression = Van-Jacobson-TCP-IP,
        Idle-Timeout = 450,
        Filter-Id = "local",
        Framed-MTU = 1500

Tom
----
Thomas C Kinnen - <tom@lcp.livingston.com>
[Test Engineer - Radius ABM] - LUCENT Technologies RABU
<URL:http://www.livingston.com/> * <URL:http://www.lucent.com/dns/>
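
Added example (not part of the original post, and not Livingston code): a small first-match evaluator run over the local.in rules exactly as printed above, to check which traffic they pass and whether rule 3 changes any decision. It assumes standard prefix matching and that a non-empty filter denies whatever no rule permits; the function names and sample packets are constructed for illustration.

```python
import ipaddress

# Rules copied verbatim from the "show filter local.in" output in the post.
LOCAL_IN = """\
1 permit 198.162.1.0/24 198.162.1.0/24 ip
2 permit 198.162.1.0/24 198.162.2.0/24 ip
3 deny 198.162.1.0/24 0.0.0.0/24 ip
"""

def parse_filter(text):
    """Parse '<n> <permit|deny> <src/len> <dst/len> ip' lines into tuples."""
    rules = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[1] not in ("permit", "deny") or fields[4] != "ip":
            raise ValueError("unsupported rule: %r" % line)
        rules.append((int(fields[0]), fields[1],
                      ipaddress.ip_network(fields[2]),
                      ipaddress.ip_network(fields[3])))
    return rules

def evaluate(rules, src, dst):
    """First matching rule wins. Returns (action, rule_number);
    rule_number is None when nothing matched (assumed implicit deny)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for num, action, src_net, dst_net in rules:
        if s in src_net and d in dst_net:
            return action, num
    return "deny", None

# Constructed sample packets (source, destination); 203.0.113.9 stands in
# for an arbitrary outside host.
SAMPLES = [
    ("198.162.1.20", "198.162.1.5"),   # dial-in user to 1.x
    ("198.162.1.20", "198.162.2.5"),   # dial-in user to 2.x
    ("198.162.1.20", "203.0.113.9"),   # dial-in user to an outside host
    ("198.162.1.20", "0.0.0.7"),       # inside rule 3's /24 destination
    ("198.162.3.20", "198.162.1.5"),   # source outside the dial-in range
]

def decisions(rules):
    """Permit/deny outcome for every sample packet."""
    return [evaluate(rules, s, d)[0] for s, d in SAMPLES]

if __name__ == "__main__":
    rules = parse_filter(LOCAL_IN)
    for s, d in SAMPLES:
        print(s, "->", d, evaluate(rules, s, d))
    # Dropping rule 3 leaves every decision unchanged.
    print("same without rule 3:", decisions(rules) == decisions(rules[:2]))
```

Under those assumptions the outside-host packet is dropped by the implicit deny rather than by rule 3, since a /24 on 0.0.0.0 covers only 0.0.0.0 through 0.0.0.255.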