[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Issue 40: Support for Layer 2 filtering

To: radiusext@ops.ietf.org
Subject: Issue 40: Support for Layer 2 filtering
From: Bernard Aboba <aboba@internaut.com>
Date: Mon, 13 Dec 2004 18:51:35 -0800 (PST)

Issue 40: Support for Layer 2 Filtering
Submitter name: Bernard Aboba
Submitter email address: aboba@internaut.com
Date first submitted: December 13, 2004
Reference:
Document: Congdon-02
Comment type: T
Priority: S
Section: 2.7
Rationale/Explanation of issue:
The NAS-Filter-Rule syntax defined in RFC 3588 does not support Layer 2
filters. Since this is an IEEE 802 extensions document, support for
Layer 2 filtering seems important.
Suggest the following syntax:

action dir proto from src to dst [options]

here action is defined as in RFC 3588 (permit/deny),
dir is as in RFC 3588 (in/out).

In RFC 3588, Proto is defined as the IP protocol
number or "ip" to match any IP protocol. I'd suggest
addition of the Ethertype:<Type> keyword to enable
filtering on Ethertype.

Src and dest are defined in RFC 3588 to include address/mask
and port. Suggestion is that they be extended to include
MAC addresses.


--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>

Prev by Date: Issue 39: Backward Compatibility of Filter Attributes
Next by Date: Issue 41: Pruning the Filter Attribute Thicket
Previous by thread: Issue 39: Backward Compatibility of Filter Attributes
Next by thread: Issue 41: Pruning the Filter Attribute Thicket
Index(es):
- Date
- Thread