[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Issue: Attribute concatenation/splitting

To: Pasi.Eronen@nokia.com
Subject: Re: Issue: Attribute concatenation/splitting
From: "Alan DeKok" <aland@nitros9.org>
Date: Thu, 06 Jul 2006 10:34:47 -0400
Cc: radiusext@ops.ietf.org
In-reply-to: Your message of "Thu, 06 Jul 2006 10:23:40 +0300." <B356D8F434D20B40A8CEDAEC305A1F2402DDC7EC@esebe105.NOE.Nokia.com>

Pasi.Eronen@nokia.com wrote:
> It is, by including a long list of ports: E.g. "permit in tcp from=20
> any to assigned 12345,22222,24224,27272,33333,..."

  In many of those cases, the list can be split on the *semantic*
level, rather than the RADIUS attribute level.  e.g. assuming there's
a trailing "deny all" filter, your example is entirely equivalent to

  permit in tcp from any to assigned 12345
  permit in tcp from any to assigned 22222
  permit in tcp from any to assigned 24224
  permit in tcp from any to assigned ...

  It's not optimal, but it will work, and it will avoid long RADIUS
attributes.

  Alan DeKok.

--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>

Follow-Ups:
- Re: Issue: Attribute concatenation/splitting
  - From: "Bernard Aboba" <bernard_aboba@hotmail.com>

References:
- RE: Issue: Attribute concatenation/splitting
  - From: <Pasi.Eronen@nokia.com>

Prev by Date: RE: Issue: Attribute concatenation/splitting
Next by Date: Re: Issue: Attribute concatenation/splitting
Previous by thread: RE: Issue: Attribute concatenation/splitting
Next by thread: Re: Issue: Attribute concatenation/splitting
Index(es):
- Date
- Thread