The Accounting Start Filtering feature allows the creation of RADIUS packet filtering to filter packets that reach ISG. Based on the defined filter criteria, ISG performs certain actions on the RADIUS packet.
The RADIUS packet filter is created on ISG by defining the filter name and the match criteria in the
radius filter command. The match criteria are applied to the attributes of the RADIUS packet. When you configure the
match-all command, the filter is applied to the RADIUS packet only if all the attributes configured in the command match the attributes in the RADIUS packet. When you configure the
match-any command, the filter is applied to the RADIUS packet if at least one attribute configured in the command matches the attributes in the RADIUS packet. The attributes to match are defined in RADIUS filter configuration mode.
In RADIUS filter configuration mode, you can specify a standard IETF RADIUS attribute or a vendor-specific RADIUS attribute. These attributes must match the attributes in the RADIUS packet so that the filter can be applied accordingly. The
match command checks if the attribute is present in the packet, and the
command checks if the attribute is not present in the packet.
Apply RADIUS filters to the RADIUS proxy server in order for the configuration to take effect. Apply RADIUS filters in RADIUS proxy server configuration mode and RADIUS proxy client configuration mode. If filters are applied in both modes, only the client mode configuration will take effect.
You can specify the type of RADIUS packets to which the filter should be applied using the
filter access and
filter accounting commands.
You can configure any one of the following three actions that the RADIUS proxy server should apply to the incoming RADIUS packets to complete the filtering process:
drop—Drops the RADIUS packet.
ignore—Forwards the packet to the RADIUS server, but does not apply any ISG-related features to the RADIUS packet.
ack—Returns the access-accept response for the access packet and the accounting response for the accounting packet.
Perform the following tasks to configure a RADIUS packet filter and apply the filter criteria to RADIUS proxy.