Settings In A Radius Profile - Lucent Technologies MAX 6000 Network Configuration Manual

Settings in a RADIUS profile

In a RADIUS profile, you define an IP filter as a value to the Ascend-Call Filter or
Ascend-Data Filter attribute, using the following format:
"ip dir action [ dstip n.n.n.n/nn ] [ srcip n.n.n.n/nn ][ proto ]
[ destport cmp value ] [ srcport cmp value ] [est]]"
Note: A filter specification cannot contain newline indicators. The syntax is shown here on
two lines for printing purposes only.
Keyword or Argument Value
ip
dir
action
dstip
srcip
proto
dstport
MAX 6000/3000 Network Configuration Guide
Type of filter. Valid filter types for the Ascend-Data Filter and
Ascend-Call Filter attributes are Generic Filter (the default) and IP
Filter.
Specifies direction of the packets. You can specify in (to filter
packets coming in to the MAX unit or out (to filter packets going
out of the MAX unit).
Defines the action that the MAX unit takes with a packet that
matches the filter. You can specify either forward or drop.
If the
n.n.n.n/nn
dstip
will match only packets with that destination address. If a subnet
mask portion of the address is present, the MAX unit compares
only the masked bits. If the
zero address (0.0.0.0), or if this keyword and its IP address
specification are not present, the filter matches all IP packets. For
more details, see "Filtering by source or destination address" on
page 15-14.
If the
n.n.n.n/nn
srcip
will match only packets with that source address. If a subnet mask
portion of the address is present, the MAX unit compares only the
masked bits. If the
(0.0.0.0), or if this keyword and its IP address specification are not
present, the filter matches all IP packets. For more details, see
"Filtering by source or destination address" on page 15-14.
A protocol number. A value of zero matches all protocols. If you
specify a nonzero number, the MAX unit compares it to the
Protocol field in packets. For list of protocol numbers, see RFC
1700.
If the
cmp value
dstport
comparison symbol and a number, the number is compared to the
destination port of a packet. The comparison symbol can be <
(less-than),=(equal), > (greater-than), or ! = (not-equal). The port
value can be one of the following names or numbers: ftp-data (20),
ftp (21), telnet (23), smtp (25), nameserver (42), domain (53), tftp
(69), gopher (70), finger (79), www (80), kerberos (88), hostname
(101), nntp (119), ntp (123), exec (512), login (513), cmd (514), or
talk (517). For more details, see "Filtering by port numbers" on
page 15-14.
keyword is followed by a valid IP address, the filter
keyword is followed by the
dstip
keyword is followed by a valid IP address, the filter
keyword is followed by the zero address
srcip
default font space keyword is followed by a
Defining Static Filters
Defining IP filters
15-13