[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Issue 170: Precedence and Order for NAS-Filter-Rule



On Fri, Jun 23, 2006 at 11:03:12AM -0700, Sanchez, Mauricio (ProCurve) wrote:
> 
> Maybe we're just going down a rat hole here.  By even mentioning that there
> may be other rules in effect on the NAS, it feels like an opportunity for
> creating greater confusion.  I'd rather just stick to detailing how a
> particular facet of the overall network service is provisioned, rather then
> define what the overall network service consists of. 
> 
> Would we better served by just yanking out the statement in question?
> Thoughts?

Reality is that a sane NAS-owner will have rules in place to protect
its infrastructure, and that these rules will be applied before any
rules from the RADIUS server.  It seems to me that ignoring the issue
relieves present pain at the cost of greater future pain.

We all, I hope, would agree that the consequence of applying such
implicit (from the server's point of view) rules must be tighter
restriction, not looser.

Regards,
Barney Wolff

--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>