
[Issue] Precedence and order for NAS-Filter-Rule



Description of issue: Precedence and order for NAS-Filter-Rule
Submitter name: Greg Weber
Submitter email address: gdweber@cisco.com
Date first submitted: February 2, 2006
Reference: http://ops.ietf.org/lists/radiusext/2006/msg00090.html
Document: IEEE802-01
Comment type: Technical
Priority: S
Section: 2.5
Rationale/Explanation of issue:

At the very end of Section 2.5 on NAS-Filter-Rule,
it says that the NAS can apply rules of its own before
rules supplied via the interface in this document.
I didn't understand the ordering and precedence 
between filters originated from the different sources.
Is that covered somewhere?  If the server sends a 
flush-rule via CoA-Request, does that remove the 
NAS-originated (configured) rules?  The text is implying
that the rules are applied in specific order based on 
type, e.g. HTTP filter rules are last.  What if the NAS
defines the HTTP filter rule, and other types come via 
CoA?  What's the order then?  This seems like an area
of likely implementation confusion.

Requested change:
I think the precedence of locally configured rules
relative to dynamic updates needs to be clarified.  
It might also be useful to treat this in the examples
of Appendix B.  This seems similar to Issue 107
related to Acct-Interim-Interval.  The NAS owner needs
to be able to protect his resources, and the server
owner needs predictable results for dynamic updates.

archive: <http://psg.com/lists/radiusext/>