Technical Documentation
New
Examples: Using the Ascend-Data-Filter Attribute for IPv4 Subscribers
This section provides examples showing the configuration of policies that use the Ascend-Data-Filter attribute for IPv4 subscribers.
In this example, the following Ascend-Data-Filter attribute creates a RADIUS record that configures an input policy. The policy filters all packets from network 10.2.1.0 with wildcard mask 0.0.0.255 to any destination.
Ascend-Data-Filter="01000100 0A020100 00000000 18000000 00000000 00000000"
Table 1 lists the values specified in the Ascend-Data-Filter attribute.
Table 1: Ascend-Data-Filter Attribute for an Input Policy on an IPv4 Interface
Action or Classifier | Hex Value | Actual Value |
|---|---|---|
Type | 01 | IPv4 |
Filter or Forward | 00 | Filter |
Indirection | 01 | Ingress |
Spare | 00 | None |
Source IP address | 0a020100 | 10.2.1.0 |
Destination IP address | 00000000 | Any |
Source IP mask | 18 | 24 (0.0.0.255) |
Destination IP mask | 00 | 0 (255,255,255,255) |
Protocol | 00 | None |
Established | 00 | None |
Source port | 0000 | None |
Destination port | 0000 | None |
Source port qualifier | 00 | None |
Destination port qualifier | 00 | None |
Reserved | 0000 | None |
Use the show classifier-list and show policy-list commands to view information about the policy:
host1#show classifier-list
Classifier Control List Table
---------- ------- ---- -----
IP clin_1800020_00.1 ip 10.2.1.0 0.0.0.255 any host1#show policy-list
Policy Table
------ -----
IP Policy plin_ip_1800020
Administrative state: enable
Reference count: 1
Classifier control list: clin_1800020_00, precedence 100
filter
Referenced by interface(s):
ATM4/0.0 input policy, statistics enabled, virtual-router default
Referenced by profile(s):
No profile referencesIn this example, the Ascend-Data-Filter attribute is used to create RADIUS records that configure two policies. The first policy is an input policy that filters all TCP packets that come from a port greater than 9000 on host 10.2.1.1 and that go to any destination. The second policy is an output policy that filters all UDP packets from network 20.1.0.0 to host 10.2.1.1, port 3090.
Ascend-Data-Filter = "01000100 0A020101 00000000 20000600 23280000 03000000"
Ascend-Data-Filter = "01000000 14010000 0A020101 10201100 00000C12 00020000"
Using the show classifier-list and show policy-list commands produces the following information about the new policies:
host1#show classifier-list
Classifier Control List Table
---------- ------- ---- -----
IP clin_1800021_00.1 tcp 10.2.1.1 gt 9000 any
IP clout_1800021_01.1 udp 20.1.0.0 0.0.255.255 10.2.1.1 eq 3090
host1#show policy-list
Policy Table
------ -----
IP Policy plin_ip_1800021
Administrative state: enable
Reference count: 1
Classifier control list: clin_1800021_00, precedence 100
filter
Referenced by interface(s):
ATM4/0.0 input policy, statistics enabled, virtual-router default
Referenced by profile(s):
No profile references
IP Policy plout_ip_1800021
Administrative state: enable
Reference count: 1
Classifier control list: clout_1800021_01, precedence 100
filter
Referenced by interface(s):
ATM4/0.0 output policy, statistics enabled, virtual-router default
Referenced by profile(s):
No profile references
This example creates an input policy and an output policy, each with multiple rules. The rules for the two policies are shown in the following list:
- Input policy rules
- Forward all TCP packets from host 10.2.1.1 to destination 20.0.0.0 0.255.255.255
- Filter all TCP packets from host 10.2.1.1 to any destination.
- Forward all packets from host 10.2.1.1 to any destination.
- Filter all other traffic.
The rules for the input policy translate to the following VSAs. The VSAs must be specified in this order:
Ascend-Data-Filter = "01010100 0A020101 14000000 20080600 00000000 00000000"
Ascend-Data-Filter = "01000100 0A020101 00000000 20000600 00000000 00000000"
Ascend-Data-Filter = "01010100 0A020101 00000000 20000000 00000000 00000000"
Ascend-Data-Filter = "01000100 00000000 00000000 00000000 00000000 00000000"
- Output policy rules
- Forward all TCP packets from 20.0.0.0 0.255.255.255 to host 10.2.1.1.
- Filter all TCP packets from any source to host 10.2.1.1.
- Forward all packets from any source to host 10.2.1.1.
- Filter all other traffic.
The rules for the input policy translate to the following VSAs. The VSAs must be specified in this order:
Ascend-Data-Filter = "01010000 14000000 0A020101 08200600 00000000 00000000"
Ascend-Data-Filter = "01000000 00000000 0A020101 00200600 00000000 00000000"
Ascend-Data-Filter = "01010000 00000000 0A020101 00200000 00000000 00000000"
Ascend-Data-Filter = "01000000 00000000 00000000 00000000 00000000 00000000"
Using the show classifier-list and show policy-list commands produces the following information about the new policies:
host1#show classifier-list
Classifier Control List Table
---------- ------- ---- -----
IP clin_1800022_00.1 tcp host 10.2.1.1 20.0.0.0 0.255.255.255
IP clin_1800022_01.1 tcp host 10.2.1.1 any
IP clin_1800022_02.1 ip host 10.2.1.1 any
IP clout_1800022_04.1 tcp 20.0.0.0 0.255.255.255 host 10.2.1.1
IP clout_1800022_05.1 tcp any host 10.2.1.1
IP clout_1800022_06.1 ip any host 10.2.1.1
host1#show policy-list
Policy Table
------ -----
IP Policy plin_ip_1800022
Administrative state: enable
Reference count: 1
Classifier control list: clin_1800022_00, precedence 100
forward
Classifier control list: clin_1800022_01, precedence 100
filter
Classifier control list: clin_1800022_02, precedence 100
forward
Classifier control list: *, precedence 100
filter
Referenced by interface(s):
ATM4/0.0 input policy, statistics enabled, virtual-router default
Referenced by profile(s):
No profile references
IP Policy plout_ip_1800022
Administrative state: enable
Reference count: 1
Classifier control list: clout_1800022_04, precedence 100
forward
Classifier control list: clout_1800022_05, precedence 100
filter
Classifier control list: clout_1800022_06, precedence 100
forward
Classifier control list: *, precedence 100
filter
Referenced by interface(s):
ATM4/0.0 output policy, statistics enabled, virtual-router default
Referenced by profile(s):
No profile referenceIn this example, the following Ascend-Data-Filter attribute creates a RADIUS record that configures an input policy on an IPv4 interface. The policy filters TCP packets from host address 10.2.1.2 to any destination. The policy marks the packets with a ToS byte of 5 and a mask of 170. The policy also applies a traffic class named someTcl and a rate-limit profile named someRlp.
Ascend-Data-Filter="01010100 0a020102 00000000 20000600 045708ae 02010000 05aa0773 6f6d6554 636c0773 6f6d6552 6c70"
Table 2 lists the values specified in the Ascend-Data-Filter attribute.
Table 2: Ascend-Data-Filter Attribute Values for a RADIUS Record
Action or Classifier | Hex Value | Actual Value |
|---|---|---|
Type | 01 | IPv4 |
Forward | 01 | Filter |
Indirection | 01 | Ingress |
Spare | 00 | None |
Source IP address | 0a020102 | 10.2.1.2 |
Destination IP address | 00000000 | Any |
Source IP mask | 20 | 32 (0.0.0.0) |
Destination IP mask | 00 | 0 (255,255,255,255) |
Protocol | 06 | TCP |
Established | 00 | None |
Source port | 0000 | None |
Destination port | 0000 | None |
Source port qualifier | 00 | None |
Destination port qualifier | 00 | None |
Reserved | 0000 | None |
Marking value | 05 | 5 |
Marking mask | aa | 170 |
Traffic class | 0773 6f6d6554 636c | someTcl |
Rate-limit profile | 0773 6f6d6552 6c70 | someRlp |
host1#show classifier-list
Classifier Control List Table
---------- ------- ---- -----
IP clin_1800023_00.1 tcp host 10.2.1.2
host1#show policy-list
Policy Table
------ -----
IP Policy plin_ip_1800023
Administrative state: enable
Reference count: 1
Classifier control list: clin_1800023_00, precedence 100
mark 5 mask 170
traffic-class someTcl
rate-limit-profile someRlp
Referenced by interface(s):
ATM11/0.0 input policy, statistics enabled, virtual-router default
Referenced by profile(s):
No profile references