[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Issue] Handling an unparsable NAS-Filter-Rule
Description of issue: Handling an unparsable NAS-Filter-Rule
Submitter name: Greg Weber
Submitter email address: gdweber@cisco.com
Date first submitted: February 2, 2006
Reference: http://ops.ietf.org/lists/radiusext/2006/msg00090.html
Document: IEEE802-01
Comment type: Technical
Priority: S
Section: 1.4, 6
Rationale/Explanation of issue:
The NAS-Filter-Rule represents a *lot* of functionality.
I think we can expect lots of variability in NASes which
support various parts, e.g. maybe all the filtering, but
not HTTP redirection, etc. I think we maybe need to be
clearer on what is supposed to happen when the NAS gets
a CoA-Request or Access-Request containing directives
that it cannot parse or apply. In particular, in Section
1.4 "Attribute Interpretation", I see text indicating that
non-understood attributes result in Access-Rejects. But,
in Section 6 "Security Considerations", I see text like:
"...a NAS could be configured to ... not accept any
redirection rules if it is known they are not used in
this environment." These would seem to be contradictory.
Requested change:
Need clarification on the intent.
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>