Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Examples: Using the Ascend-Data-Filter Attribute for IPv4 Subscribers

    This section provides examples showing the configuration of policies that use the Ascend-Data-Filter attribute for IPv4 subscribers.

    In this example, the following Ascend-Data-Filter attribute creates a RADIUS record that configures an input policy. The policy filters all packets from network 10.2.1.0 with wildcard mask 0.0.0.255 to any destination.

    Ascend-Data-Filter="01000100 0A020100 00000000 18000000 00000000 00000000"

    Table 1 lists the values specified in the Ascend-Data-Filter attribute.

    Table 1: Ascend-Data-Filter Attribute for an Input Policy on an IPv4 Interface

    Action or Classifier

    Hex Value

    Actual Value

    Type

    01

    IPv4

    Filter or Forward

    00

    Filter

    Indirection

    01

    Ingress

    Spare

    00

    None

    Source IP address

    0a020100

    10.2.1.0

    Destination IP address

    00000000

    Any

    Source IP mask

    18

    24 (0.0.0.255)

    Destination IP mask

    00

    0 (255,255,255,255)

    Protocol

    00

    None

    Established

    00

    None

    Source port

    0000

    None

    Destination port

    0000

    None

    Source port qualifier

    00

    None

    Destination port qualifier

    00

    None

    Reserved

    0000

    None

    Use the show classifier-list and show policy-list commands to view information about the policy:

    host1#show classifier-list
    
                             Classifier Control List Table
                             ---------- ------- ---- -----
                             
    IP clin_1800020_00.1 ip 10.2.1.0 0.0.0.255 any 
    host1#show policy-list
                             
                                      Policy Table
                                      ------ -----
    IP Policy plin_ip_1800020
       Administrative state: enable
       Reference count:      1
       Classifier control list: clin_1800020_00, precedence 100
          filter
    
       Referenced by interface(s): 
          ATM4/0.0  input policy, statistics enabled, virtual-router default
    
       Referenced by profile(s): 
          No profile references

    In this example, the Ascend-Data-Filter attribute is used to create RADIUS records that configure two policies. The first policy is an input policy that filters all TCP packets that come from a port greater than 9000 on host 10.2.1.1 and that go to any destination. The second policy is an output policy that filters all UDP packets from network 20.1.0.0 to host 10.2.1.1, port 3090.

    Ascend-Data-Filter = "01000100 0A020101 00000000 20000600 23280000 03000000"
    
     Ascend-Data-Filter = "01000000 14010000 0A020101 10201100 00000C12 00020000"

    Using the show classifier-list and show policy-list commands produces the following information about the new policies:

    host1#show classifier-list
    
                             Classifier Control List Table
                             ---------- ------- ---- -----
    IP clin_1800021_00.1 tcp 10.2.1.1 gt 9000 any
    IP clout_1800021_01.1 udp 20.1.0.0 0.0.255.255 10.2.1.1 eq 3090
    
    host1#show policy-list
                             
                                      Policy Table
                                      ------ -----
    IP Policy plin_ip_1800021
       Administrative state: enable
       Reference count:      1
       Classifier control list: clin_1800021_00, precedence 100
          filter
    
       Referenced by interface(s): 
          ATM4/0.0  input policy, statistics enabled, virtual-router default
    
       Referenced by profile(s): 
          No profile references
    
    IP Policy plout_ip_1800021
       Administrative state: enable
       Reference count:      1
       Classifier control list: clout_1800021_01, precedence 100
          filter
    
       Referenced by interface(s): 
          ATM4/0.0  output policy, statistics enabled, virtual-router default
    
       Referenced by profile(s): 
          No profile references
    

    This example creates an input policy and an output policy, each with multiple rules. The rules for the two policies are shown in the following list:

    • Input policy rules
      • Forward all TCP packets from host 10.2.1.1 to destination 20.0.0.0 0.255.255.255
      • Filter all TCP packets from host 10.2.1.1 to any destination.
      • Forward all packets from host 10.2.1.1 to any destination.
      • Filter all other traffic.

    The rules for the input policy translate to the following VSAs. The VSAs must be specified in this order:

    Ascend-Data-Filter = "01010100 0A020101 14000000 20080600 00000000 00000000"
    Ascend-Data-Filter = "01000100 0A020101 00000000 20000600 00000000 00000000"
    Ascend-Data-Filter = "01010100 0A020101 00000000 20000000 00000000 00000000"
    Ascend-Data-Filter = "01000100 00000000 00000000 00000000 00000000 00000000"
    • Output policy rules
      • Forward all TCP packets from 20.0.0.0 0.255.255.255 to host 10.2.1.1.
      • Filter all TCP packets from any source to host 10.2.1.1.
      • Forward all packets from any source to host 10.2.1.1.
      • Filter all other traffic.

    The rules for the input policy translate to the following VSAs. The VSAs must be specified in this order:

    Ascend-Data-Filter = "01010000 14000000 0A020101 08200600 00000000 00000000"
    Ascend-Data-Filter = "01000000 00000000 0A020101 00200600 00000000 00000000"
    Ascend-Data-Filter = "01010000 00000000 0A020101 00200000 00000000 00000000"
    Ascend-Data-Filter = "01000000 00000000 00000000 00000000 00000000 00000000"

    Using the show classifier-list and show policy-list commands produces the following information about the new policies:

    host1#show classifier-list
                                                    
                             Classifier Control List Table
                             ---------- ------- ---- -----
    IP clin_1800022_00.1 tcp host 10.2.1.1 20.0.0.0 0.255.255.255
    IP clin_1800022_01.1 tcp host 10.2.1.1 any
    IP clin_1800022_02.1 ip host 10.2.1.1 any
    IP clout_1800022_04.1 tcp 20.0.0.0 0.255.255.255 host 10.2.1.1
    IP clout_1800022_05.1 tcp any host 10.2.1.1
    IP clout_1800022_06.1 ip any host 10.2.1.1
    
    host1#show policy-list
                             
                                      Policy Table
                                      ------ -----
    IP Policy plin_ip_1800022
       Administrative state: enable
       Reference count:      1
       Classifier control list: clin_1800022_00, precedence 100
          forward
       Classifier control list: clin_1800022_01, precedence 100
          filter
       Classifier control list: clin_1800022_02, precedence 100
          forward
       Classifier control list: *, precedence 100
          filter
    
       Referenced by interface(s): 
          ATM4/0.0  input policy, statistics enabled, virtual-router default
    
       Referenced by profile(s): 
          No profile references
    
    IP Policy plout_ip_1800022
       Administrative state: enable
       Reference count:      1
       Classifier control list: clout_1800022_04, precedence 100
          forward
       Classifier control list: clout_1800022_05, precedence 100
          filter
       Classifier control list: clout_1800022_06, precedence 100
          forward
       Classifier control list: *, precedence 100
          filter
    
       Referenced by interface(s): 
          ATM4/0.0  output policy, statistics enabled, virtual-router default
    
       Referenced by profile(s): 
          No profile reference

    In this example, the following Ascend-Data-Filter attribute creates a RADIUS record that configures an input policy on an IPv4 interface. The policy filters TCP packets from host address 10.2.1.2 to any destination. The policy marks the packets with a ToS byte of 5 and a mask of 170. The policy also applies a traffic class named someTcl and a rate-limit profile named someRlp.

    Ascend-Data-Filter="01010100 0a020102 00000000 20000600 045708ae 02010000 05aa0773 6f6d6554 636c0773 6f6d6552 6c70"

    Table 2 lists the values specified in the Ascend-Data-Filter attribute.

    Table 2: Ascend-Data-Filter Attribute Values for a RADIUS Record

    Action or Classifier

    Hex Value

    Actual Value

    Type

    01

    IPv4

    Forward

    01

    Filter

    Indirection

    01

    Ingress

    Spare

    00

    None

    Source IP address

    0a020102

    10.2.1.2

    Destination IP address

    00000000

    Any

    Source IP mask

    20

    32 (0.0.0.0)

    Destination IP mask

    00

    0 (255,255,255,255)

    Protocol

    06

    TCP

    Established

    00

    None

    Source port

    0000

    None

    Destination port

    0000

    None

    Source port qualifier

    00

    None

    Destination port qualifier

    00

    None

    Reserved

    0000

    None

    Marking value

    05

    5

    Marking mask

    aa

    170

    Traffic class

    0773 6f6d6554 636c

    someTcl

    Rate-limit profile

    0773 6f6d6552 6c70

    someRlp

    host1#show classifier-list
                                                    
                             Classifier Control List Table
                             ---------- ------- ---- -----
    IP clin_1800023_00.1 tcp host 10.2.1.2 
    
    host1#show policy-list
                             
                                      Policy Table
                                      ------ -----
    IP Policy plin_ip_1800023
       Administrative state: enable
       Reference count:      1
       Classifier control list: clin_1800023_00, precedence 100
          mark 5 mask 170
          traffic-class someTcl
          rate-limit-profile someRlp 
    
       Referenced by interface(s): 
          ATM11/0.0  input policy, statistics enabled, virtual-router default
    
       Referenced by profile(s): 
          No profile references

    Published: 2014-08-14