Hi Passi,
Are we talking about NAS-Filter-Rule? That is what I was talking about.
NAS-Filter-Rule is IPFilterRule which can only have permit or deny in the action position.
However if you are talking about the Redirection work then you are right.
-----Original Message-----
From: Pasi.Eronen@nokia.com [mailto:Pasi.Eronen@nokia.com]
Sent: Sat 7/8/2006 12:24 PM
To: Avi Lior; radiusext@ops.ietf.org
Subject: RE: Issue: Attribute concatenation/splitting
Avi Lior wrote:
> I have to read the draft. Is permit/deny allowed inside the
> attribute because we are allowed to include more then one rule
> inside the packet? If that is the case IMO we should not do that.
> One rule per attribute.
No, it's because there are rule elements (e.g. tunnel-id, org-url
and redir-url) that are more-or-less arbitrary strings. In other
words, you could have a tunnel called "permit" or a URL that
contains the string "deny".
Best regards,
Pasi