--- embedaddon/mpd/doc/mpd30.html 2012/02/21 23:32:47 1.1.1.1 +++ embedaddon/mpd/doc/mpd30.html 2021/03/17 00:39:23 1.1.1.4 @@ -6,7 +6,7 @@ -Mpd 5.6 User Manual +Mpd 5.9 User Manual : Configuring Mpd : Authentication, Authorization and Accounting (AAA) : RADIUS
@@ -32,6 +32,11 @@ by repeating this command, and up to 10 servers may be If one of auth/acct ports specified as 0, it will not be used for requests of that type.

+
unset radius server name [ auth-port [ acct-port ]]

Deletes cpecific RADIUS server from pool.

+ +
set radius src-addr ipaddr

Configure IP address on the multihomed host that is used as a source address +for all requests.

+
set radius timeout seconds

Set the timeout for completion of RADIUS requests.

The default is 5 second.

@@ -66,6 +71,7 @@ N Name Access Accounting 7 Framed-Protocol + - + - 8 Framed-IP-Address - + + - 9 Framed-IP-Netmask - + + - +11 Filter-Id - + - - 12 Framed-MTU - + - - 13 Framed-Compression - + - - 18 Reply-Message - + - - @@ -213,10 +219,20 @@ mpd-rule += "100=allow all from any to any",

When mpd receives these parameters it will call ipfw(8) to create firewall rules, pipes and queues with unique numbers starting from 10000 -(configurable via 'set global start...'). %rX, %pX, %qX, %tX +(configurable via 'set global start...'). %rX, %pX, %qX, %tX and %aX macroses will be expanded within mpd-rule and mpd-queue. To the end of each rule will be added "via ngX" to make the rule apply only to that client's networking interface.

+

Allowed macroses: +

+%rX IPFW rule pool
+%pX IPFW pipe pool
+%qX IPFW queue pool
+%tX IPFW table pool
+%a1 peer negotiated IP address
+%a2 self negotiated IP address
+
+

As a result of this example we would get these commands executed:

 ipfw table 32 add 10.0.0.1
@@ -231,6 +247,8 @@ ipfw add 10002 allow all from any to any via ng0
 When the link goes down, all created rules will be removed.

Note: As soon as mpd executes ipfw commands using shell, shell's special characters like "(" and ")" must be slashed.

+

You can specify mpd-table += "1=peer_addr" to use mpd-table +with the peer negotiated IP address.

internal (ng_bpf/ng_car)

Mpd can create complex per-interface traffic filtering/limiting engines inside @@ -280,7 +298,7 @@ in AAA accounting requests.


-Mpd 5.6 User Manual +Mpd 5.9 User Manual : Configuring Mpd : Authentication, Authorization and Accounting (AAA) : RADIUS