Hide Navigation Pane
Show Navigation Pane
Feedback
Download
SHA1
Examples: Using the Ascend-Data-Filter Attribute for IPv6 Subscribers
This section provides examples showing the configuration of policies that use the Ascend-Data-Filter attribute when there are IPv6 subscribers in a network.
In this example, the following two Ascend-Data-Filter attributes are used to create RADIUS records that configure two policies. The first policy is an output policy that filters all UDP packets from network 2001:82ab:1020:87ec::0/64 to host 2001:82ab:1020:87ec:1234:0917:3415:0012, port 3090. The second policy is an input policy that filters all TCP packets that come from a port greater than 9000 on host 2001:82ab:1020:87ec:1234:0917:3415:0012 and that go to any destination.
Ascend-Data-Filter1 = "03000000 300182ab 102087ec 00000000 00000000 200182ab 102087ec 12340917 34150012 40801100 00000C12 00020000"
Ascend-Data-Filter2 = "03000100 200182ab 102087ec 12340917 34150012 00000000 00000000 00000000 00000000 80000600 23280000 03000000"
Table 8 lists the values specified in the Ascend-Data-Filter1 attribute that are used to create an output policy.
Table 8: Ascend-Data-Filter Attribute for an Output Policy on an IPv6 Interface
Action or Classifier | Hex Value | Actual Value |
|---|---|---|
Type | 03 | IPv6 |
Forward | 00 | Filter |
Indirection | 00 | Egress |
Spare | 00 | None |
Source IPv6 address | 300182ab 102087ec 00000000 00000000 | 3001:82ab:1020:87ec: 0000:0000:0000:0000 |
Destination IPv6 address | 200182ab 102087ec 12340917 34150012 | 2001:82ab:1020:87ec: 1234:0917:3415:0012 |
Source IPv6 prefix | 40 | 64 |
Destination IPv6 prefix | 80 | 128 |
Protocol | 11 | UDP |
Established | 00 | None |
Source port | 0000 | None |
Destination port | 0C12 | 3090 |
Source port qualifier | 00 | None |
Destination port qualifier | 02 | Equal to |
Reserved | 0000 | None |
Table 9 lists the values specified in the Ascend-Data-Filter2 attribute that are used to create an input policy.
Table 9: Ascend-Data-Filter Attribute for an Input Policy on an IPv6 Interface
Action or Classifier | Hex Value | Actual Value |
|---|---|---|
Type | 03 | IPv6 |
Forward | 00 | Filter |
Indirection | 01 | Ingress |
Spare | 00 | None |
Source IPv6 address | 200182ab 102087ec 12340917 34150012 | 2001:82ab:1020:87ec:1234:0917:3415:0012 |
Destination IPv6 address | 00000000 00000000 00000000 00000000 | Any |
Source IPv6 prefix | 80 | 128 |
Destination IPv6 prefix | 00 | 0 |
Protocol | 06 | TCP |
Established | 00 | None |
Source port | 2328 | 9000 |
Destination port | 0000 | None |
Source port qualifier | 03 | Greater than |
Destination port qualifier | 00 | None |
Reserved | 0000 | None |
Use the show classifier-list and show policy-list commands to view information about the configured input and output policies:
host1#show classifier-list
Classifier Control List Table
---------- ------- ---- -----
IPv6 clout_1800020_00.1 udp source-address 3001:82ab:1020:87ec::/64 destination-host
2001:82ab:1020:87ec:1234:917:3415:12 destination-port eq 3090
IPv6 clin_1800020_01.1 tcp source-host 2001:82ab:1020:87ec:1234:917:3415:12 source-port gt 9000host1#show policy-list
Policy Table
------ -----
IPv6 Policy plout_ipv6_1800020
Administrative state: enable
Reference count: 1
Classifier control list: clout_1800020_00, precedence 100
filter
Referenced by interface(s):
GigabitEthernet10/0.2 output policy, statistics enabled, virtual-router default
Referenced by profile(s):
None
Referenced by merged policies:
None
IPv6 Policy plin_ipv6_1800020
Administrative state: enable
Reference count: 1
Classifier control list: clin_1800020_01, precedence 100
filter
Referenced by interface(s):
GigabitEthernet10/0.2 input policy, statistics enabled, virtual-router default
Referenced by profile(s):
None
Referenced by merged policies:
None
