[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Issue 38 - Ordering of filter attributes

To: "'Sanchez, Mauricio (PNB Roseville)'" <mauricio.sanchez@hp.com>, radiusext@ops.ietf.org
Subject: RE: Issue 38 - Ordering of filter attributes
From: Avi Lior <avi@bridgewatersystems.com>
Date: Tue, 25 Jan 2005 11:24:00 -0500

Hi,

There are two issues that need to be addressed.

One is that one NAS-Filter-Rule maybe too large to fit a single RADIUS
attribute; and
A session may require several of these NAS attributes.

Ordering is a given in RADIUS (as already described in the mail)

Therefore receipient of the Access-Accept must be able to reconstruct a
single NAS-Filter-Rule that extends over two or more attributes.  And then
you need to build the list of NAS-Filter-Rules.

Note that there is no specific hint to help detect a Filter-Rule that spans
over more then one attribute.  For example a key word at the end that
indicates that the rule is extended over the next attribute.  


> -----Original Message-----
> From: Sanchez, Mauricio (PNB Roseville) 
> [mailto:mauricio.sanchez@hp.com] 
> Sent: Monday, January 24, 2005 5:49 PM
> To: radiusext@ops.ietf.org
> Subject: RE: Issue 38 - Ordering of filter attributes
> 
> 
> 
> I'm working with Paul going through the IEEE802 draft issues. 
>  On issue 38 it appears discussion stopped with the email 
> shown below.  Any additional comments on this or can this be closed?
> 
> MS
> 
> --------------------------------------------
> Mauricio Sanchez
> Network Security Architect
> Procurve Networking Business
> Hewlett Packard
> 8000 Foothills Boulevard, ms 5555
> Roseville CA, 95747-5557
> 
> 916.785.1910 Tel
> 916.785.1815 Fax
> mauricio.sanchez@hp.com
> --------------------------------------------    
> 
> -----Original Message-----
> From: Bernard Aboba [mailto:aboba@internaut.com] 
> Sent: Monday, January 03, 2005 5:04 PM
> To: Congdon, Paul T (ProCurve)
> Cc: Nelson, David; Joseph Salowey; edwin@rsquared.com; 
> Romascanu, Dan (Dan); Jari Arkko; Sanchez, Mauricio (PNB 
> Roseville); Black, Chuck A; Nagi_Reddy.Jonnala@alcatel.be
> Subject: RE: Rough Notes from Conf Call on RADExt for IEEE 802
> 
> > Actually, the issue I was referencing is Issue 38: Ordering 
> of Filter
> > Attributes.  It only describes the ordering requirements of 
> > NAS-Filter-Rule and says nothing about different types.  I 
> believe we 
> > can potentially close this issue with the following resolution that 
> > incorporates Alan DeKok's comments:
> >
> >  "As per the requirements of RFC 2865, Section 2.3, if multiple
> >   NAS-Filter-Rule attributes are contained within an Access-Request
> >   or Access-Accept packet, they MUST be maintained in order.  The
> >   attributes MUST be consecutive attributes in the packet. RADIUS
> >   proxies MUST NOT reorder NAS-Filter-Rule attributes.
> >
> >   The RADIUS server can return NAS-Filter-Rule attributes in an
> >   Access-Accept packet. Where more than one NAS-Filter-Rule 
> attribute
> is
> >   included, it is assumed that the attributes are to be concatenated
> to
> >   form a single filter list."
> 
> Sounds good.
> 
> --
> to unsubscribe send a message to 
> radiusext-request@ops.ietf.org with the word 'unsubscribe' in 
> a single line as the message text body.
> archive: <http://psg.com/lists/radiusext/>
> 

--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>

Prev by Date: RE: Issue 37: Merging of Filter Attributes
Next by Date: RE: Issue 37: Merging of Filter Attributes
Previous by thread: RE: Issue 38 - Ordering of filter attributes
Next by thread: RE: Issue 38 - Ordering of filter attributes
Index(es):
- Date
- Thread