RE: Inclusion of Filter-Id and NAS-Filter-Rule AVPs

["Nelson, David" <dnelson@enterasys.com>]

Bernard Aboba writes...
 
> Perhaps the best solution is simply to say this in the document.

That may, in fact, be the best we can do.

>  For example:
> 
> "The NAS-Filter-Rule attribute is not intended to be used 
> concurrently with any other filter rule attribute, including 
> Filter-Id (11) and NAS-Traffic-Rule [Traffic] attributes.  
> NAS-Filter-Rule and NAS-Traffic-Rule attributes MUST NOT appear
> in the same RADIUS packet.  If a NAS-Traffic-Rule attribute is
> present, a NAS implementing this specification MUST silently
> discard NAS-Filter-Rule attributes, if present.  Filter-Id and
> NAS-Filter-Rule attributes SHOULD NOT appear in the same RADIUS
> packet.
>
> Given the absence in [RFC4005] of well-defined precedence rules 
> for combining Filter-Id and NAS-Filter-Rule attributes into a single 
> rule set, the behavior of NASes receiving both attributes is 
> undefined, and therefore a RADIUS server implementation cannot 
> assume a consistent behavior."

This seems OK to me.



--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>