[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Issue: Attribute concatenation/splitting

To: <Pasi.Eronen@nokia.com>, <radiusext@ops.ietf.org>
Subject: RE: Issue: Attribute concatenation/splitting
From: "Avi Lior" <avi@bridgewatersystems.com>
Date: Sat, 8 Jul 2006 17:05:01 -0400
References: <B356D8F434D20B40A8CEDAEC305A1F2402DDCF1F@esebe105.NOE.Nokia.com>

Title: RE: Issue: Attribute concatenation/splitting

Hi Passi,

Are we talking about NAS-Filter-Rule? That is what I was talking about.

NAS-Filter-Rule is IPFilterRule which can only have permit or deny in the action position.

However if you are talking about the Redirection work then you are right.

-----Original Message-----
From: Pasi.Eronen@nokia.com [mailto:Pasi.Eronen@nokia.com]
Sent: Sat 7/8/2006 12:24 PM
To: Avi Lior; radiusext@ops.ietf.org
Subject: RE: Issue: Attribute concatenation/splitting

Avi Lior wrote:
> I have to read the draft. Is permit/deny allowed inside the
> attribute because we are allowed to include more then one rule
> inside the packet? If that is the case IMO we should not do that.
> One rule per attribute.

No, it's because there are rule elements (e.g. tunnel-id, org-url
and redir-url) that are more-or-less arbitrary strings. In other
words, you could have a tunnel called "permit" or a URL that
contains the string "deny".

Best regards,
Pasi

Follow-Ups:
- RE: Issue: Attribute concatenation/splitting
  - From: <Pasi.Eronen@nokia.com>

References:
- RE: Issue: Attribute concatenation/splitting
  - From: <Pasi.Eronen@nokia.com>

Prev by Date: RE: Issue: Attribute concatenation/splitting
Next by Date: Re: Issue: Attribute concatenation/splitting
Previous by thread: RE: Issue: Attribute concatenation/splitting
Next by thread: RE: Issue: Attribute concatenation/splitting
Index(es):
- Date
- Thread