[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [AAA-WG]: Question regarding IP Filter Rule

To: "'marco.stura@nokia.com'" <marco.stura@nokia.com>, Avi Lior <avi@bridgewatersystems.com>
Subject: RE: [AAA-WG]: Question regarding IP Filter Rule
From: Avi Lior <avi@bridgewatersystems.com>
Date: Wed, 17 Dec 2003 11:49:27 -0500
Cc: radiusext@ops.ietf.org, aaa-wg@merit.edu

Thanx Marco,

I am familiar with DCC.  My point was/is that IPFilterRules would have been
one way to do this and the IPFW appears to support this capability.  Its too
bad that IPFilterRules don't support this capability because now we have to
build it into our applications.

For RADIUS prepaid and PWLAN etc we will have to define a new AVP to do
redirects.  Alternatively, we could define an IPFilterRule attribute that
has the forwarding capability that went missing in Diameter.  But now we
would have a compatibility issue with Diameter.

> -----Original Message-----
> From: marco.stura@nokia.com [mailto:marco.stura@nokia.com] 
> Sent: Wednesday, December 17, 2003 2:20 AM
> To: avi@bridgewatersystems.com
> Cc: radiusext@ops.ietf.org; aaa-wg@merit.edu
> Subject: RE: [AAA-WG]: Question regarding IP Filter Rule
> 
> 
> Avi Lior wrote
> 
> > The Black I-D and PWLAN draft prompted me to check something out.
> > 
> > It seems to me that something is missing in Diameter.  Using
> > the filter
> > specification in 3588 its not clear how I force a forward.  
> > The only actions
> > supported are permit or deny whereas ipfw supports a forward 
> > mechanism as
> > well.
> > 
> > The motivation for this is the requirement in (WLAN for
> > example) whereby I
> > want to force all http traffic to a specific portal and 
> deny all other
> > traffic until the portal instructs the NAS otherwise.  This 
> > needs to be done
> > either during an Access Accept or mid-session using COA.
> 
> How to redirect user traffic (e.g. http) is implementation 
> specific and I think is not a Diameter business. If you want 
> to indicate redirect traffic to a specific address, in 
> Diameter applications you can define a grouped AVP to realize 
> the functionality. One example could be the 
> Final-Unit-Indication in the DCC application.
> 
> Regards
> Marco
> 

--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>

Prev by Date: RE: QoS attributes
Next by Date: RE: [AAA-WG]: Question regarding IP Filter Rule
Previous by thread: RE: [AAA-WG]: Question regarding IP Filter Rule
Next by thread: RE: [AAA-WG]: Question regarding IP Filter Rule
Index(es):
- Date
- Thread