HP (Hewlett-Packard) MSM7XX Switch User Manual


 
Working with public access attributes
Colubris AV-Pair attribute - User values
If both servers are not available, both are polled in turn with no delay (other than the poll
timeout) until one becomes available. When both servers are unavailable the access list
DNAT-SERVER definition is skipped with no action taken, and processing moves to the next
rule in the access list. This next rule can then be used to define the action taken when both
DNAT-SERVERS are down.
The following table shows possible results when polling is active for both the primary and
secondary servers.
Server 1   Server 2   Description
UP         UP         Traffic matching the DNAT-SERVER rule is forwarded to server 1.
UP         DOWN       Traffic matching the DNAT-SERVER rule is forwarded to server 1.
DOWN       UP         Traffic matching the DNAT-SERVER rule is forwarded to server 2.
DOWN       DOWN       No action is performed for the DNAT-SERVER rule. Processing
                      moves to the next rule in the list. To accept all traffic if both
                      servers are down, define this rule as:
                      ACCEPT,all,all,all
Example
The following creates an access list called redirect which is used to redirect HTTP traffic for
authenticated users to either srv1.mycompany.com or srv2.mycompany.com depending
on which one is active. Port 8080 is used to forward traffic. If neither the primary nor the
secondary DNAT-SERVER is available, all traffic is accepted.
The following entries are added to the local profile for the service controller:
access-list=redirect,DNAT-SERVER,tcp,all,80
access-list=redirect,ACCEPT,all,all,all
The following entry is added to the RADIUS profile for each user:
dnat-server=redirect,srv1.mycompany.com,8080,srv2.mycompany.com,8080
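The failover behaviour in the table above can be modelled with the example's own attribute values. This is an added illustration, not code from the manual or from HP. It assumes the access-list fields are name, action, protocol, address and port, and that the poll result arrives as a set of reachable hosts; the NO-MATCH label is hypothetical.

```python
# Added example: models the DNAT-SERVER failover table. Not HP code.
# Assumption: access-list fields are name,action,protocol,address,port.
LOCAL_PROFILE = [
    "access-list=redirect,DNAT-SERVER,tcp,all,80",
    "access-list=redirect,ACCEPT,all,all,all",
]
USER_PROFILE = ["dnat-server=redirect,srv1.mycompany.com,8080,srv2.mycompany.com,8080"]


def parse(pairs):
    """Split <keyword>=<value> pairs into access-list rules and dnat-server targets."""
    rules, targets = [], {}
    for pair in pairs:
        keyword, _, value = pair.partition("=")
        fields = value.split(",")
        if keyword == "access-list":
            rules.append(dict(zip(("name", "action", "proto", "addr", "port"), fields)))
        elif keyword == "dnat-server":
            name, h1, p1, h2, p2 = fields
            targets[name] = [(h1, int(p1)), (h2, int(p2))]  # primary first
    return rules, targets


def matches(rule, proto, port):
    # Address matching is omitted: both rules in the example use "all".
    return rule["proto"] in ("all", proto) and rule["port"] in ("all", str(port))


def decide(rules, targets, up, proto, port, list_name="redirect"):
    """Return the action for a flow; `up` is the set of hosts the poll found alive."""
    for rule in rules:
        if rule["name"] != list_name or not matches(rule, proto, port):
            continue
        if rule["action"] != "DNAT-SERVER":
            return (rule["action"], None)
        for host, dport in targets.get(rule["name"], []):
            if host in up:  # server 1 is preferred when both are up
                return ("DNAT", (host, dport))
        # Both servers down: the rule is skipped and evaluation falls through.
    return ("NO-MATCH", None)  # hypothetical label; the page does not cover this case


RULES, TARGETS = parse(LOCAL_PROFILE + USER_PROFILE)
S1, S2 = "srv1.mycompany.com", "srv2.mycompany.com"
if __name__ == "__main__":
    for up in ({S1, S2}, {S1}, {S2}, set()):
        print(sorted(up), "->", decide(RULES, TARGETS, up, "tcp", 80))
```

With both servers down the result is ACCEPT, so port 80 traffic passes without being redirected; removing the second access-list line makes the same flow fall through with no matching rule in this list.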
Colubris AV-Pair attribute - User values
User values let you define settings for individual user accounts.
Each Colubris AV-Pair value is specified using the following format: <keyword>=<value>