Ip And Ipv6 Filters; Table 17: Ip And Ipv6 Filters (Description) - Alcatel-Lucent 7750 Reference Manual

IP and IPv6 Filters

Table 17: IP and IPv6 filters (description)

Attribute ID Attribute Name
92
NAS-Filter-Rule
242 Ascend-Data-Filter
7750 SR RADIUS Attributes Reference Guide
Subscriber host specific filter entry. The match criteria are automatically
extended with the subscriber host ip- or ipv6-address as source (ingress) or
destination (egress) ip. They represent a per host customization of a generic
filter policy: only traffic to/from the subscriber host will match against these
entries.
A range of entries must be reserved for subscriber host specific entries in a
filter policy: config>filter>ip-filter# sub-insert-radius
Subscriber host specific filter entries are moved if the subscriber host filter
policy is changed (new SLA profile or ip filter policy override) and if the new
filter policy contains enough free reserved entries.
When the subscriber host session terminates or is disconnected, then the
corresponding subscriber host specific filter entries are also deleted.
The function of the attribute is identical to [26-6527-159] Alc-Ascend-Data-
Filter-Host-Spec but it has a different format. The format used to specify host
specific filter entries (NAS-Filter-Rule format or Alc-Ascend-Data-Filter-
Host-Spec format) cannot change during the lifetime of the subscriber host.
Mixing formats in a single RADIUS message results in a failure.
A local configured filter policy can be extended with shared dynamic filter
entries. A dynamic copy of the base filter (filter associated to the host via sla-
profile or host filter override) is made and extended with the set of filter rules
per type (ipv4/ipv6) and direction (ingress/egress) in the RADIUS message. If
a dynamic copy with the same set of rules already exists, no new copy is made
but the existing copy is associated with the host/session. If after host/session
disconnection, no hosts/sessions are associated with the dynamic filter copy,
then the dynamic copy is removed.
Shared filter entries are moved if the subscriber host filter policy is changed
(new SLA profile or ip filter policy override) and if the new filter policy
contains enough free reserved entries.
A range of entries must be reserved for shared entries in a filter policy:
configure filter ip-filter <filter-id> sub-insert-shared-radius
The function of the attribute is identical to [26-6527-158] Alc-Nas-Filter-
Rule-Shared but it has a different format. The format used to specify shared
filter entries (Alc-Nas-Filter-Rule-Shared format or Ascend-Data-Filter
format) cannot change during the lifetime of the subscriber host.
Mixing formats in a single RADIUS message results in a failure.
Important note: Shared filter entries should only be used if many hosts share
the same set of filter rules that need to be controlled from RADIUS.
RADIUS Attributes Reference
Description
Page 85