Settings in a radius profile, Settings in a radius profile -13 – Lucent Technologies 6000 User Manual

Page 549

background image

Defining Static Filters

Defining IP filters

MAX 6000/3000 Network Configuration Guide

15-13

Settings in a RADIUS profile

In a RADIUS profile, you define an IP filter as a value to the Ascend-Call Filter or
Ascend-Data Filter attribute, using the following format:

"ip dir action [ dstip n.n.n.n/nn ] [ srcip n.n.n.n/nn ][ proto ]

[ destport cmp value ] [ srcport cmp value ] [est]]"

Note:

A filter specification cannot contain newline indicators. The syntax is shown here on

two lines for printing purposes only.

Keyword or Argument

Value

ip

Type of filter. Valid filter types for the Ascend-Data Filter and
Ascend-Call Filter attributes are Generic Filter (the default) and IP
Filter.

dir

Specifies direction of the packets. You can specify in (to filter
packets coming in to the MAX unit or out (to filter packets going
out of the MAX unit).

action

Defines the action that the MAX unit takes with a packet that
matches the filter. You can specify either forward or drop.

dstip

n.n.n.n/nn

If the

dstip

keyword is followed by a valid IP address, the filter

will match only packets with that destination address. If a subnet
mask portion of the address is present, the MAX unit compares
only the masked bits. If the

dstip

keyword is followed by the

zero address (0.0.0.0), or if this keyword and its IP address
specification are not present, the filter matches all IP packets. For
more details, see “Filtering by source or destination address” on
page 15-14.

srcip

n.n.n.n/nn

If the

srcip

keyword is followed by a valid IP address, the filter

will match only packets with that source address. If a subnet mask
portion of the address is present, the MAX unit compares only the
masked bits. If the

srcip

keyword is followed by the zero address

(0.0.0.0), or if this keyword and its IP address specification are not
present, the filter matches all IP packets. For more details, see
“Filtering by source or destination address” on page 15-14.

proto

A protocol number. A value of zero matches all protocols. If you
specify a nonzero number, the MAX unit compares it to the
Protocol field in packets. For list of protocol numbers, see RFC
1700.

dstport

cmp value

If the

dstport

default font space keyword is followed by a

comparison symbol and a number, the number is compared to the
destination port of a packet. The comparison symbol can be <
(less-than),=(equal), > (greater-than), or ! = (not-equal). The port
value can be one of the following names or numbers: ftp-data (20),
ftp (21), telnet (23), smtp (25), nameserver (42), domain (53), tftp
(69), gopher (70), finger (79), www (80), kerberos (88), hostname
(101), nntp (119), ntp (123), exec (512), login (513), cmd (514), or
talk (517). For more details, see “Filtering by port numbers” on
page 15-14.

This manual is related to the following products:
See also other documents in the category Lucent Technologies Hardware: