Ascend Filter Translation

 

Ascend defines two attributes—Ascend-Data-Filter (242) and Ascend-Call-Filter (243)—that contain structured binary data representing a filter to be applied to the NAS device.

Instead of entering hexadecimal strings to configure these attributes, users can configure these attributes as text strings. Steel-Belted Radius Carrier automatically converts the text strings to the proper binary representation. The original filter attributes are still supported, and these attributes still may be configured as hexadecimal strings.

The following attributes allow configuration as text:

When Steel-Belted Radius Carrier formats a response packet, it translates the string version of the attribute to the appropriate binary value, and returns the attribute in the Access-Accept message.

Configuration

These attributes may be entered as text strings through the Web GUI. The attributes may also be returned from an LDAP or SQL database during authentication.

No syntax validation is performed when the attribute is configured. The validation of syntax occurs only when the response packet is formatted. If the syntax is invalid, a reject response is issued and an error is logged.

Note

We recommend that you test these attributes before using them on a production server.

Two types of filter are supported: ip and generic.

Syntax

In the syntax descriptions in Table 171, brackets [ ] indicate that the items enclosed are optional.

ip [direction] [action] [srcip address[/mask]] [dstip address[/mask]] protocol [srcport operator port] [dstport operator port]

Table 171: Syntax

| Parameter | Values |
| --- | --- |
| direction | May be in or out. The default is out. |
| action | May be forward or drop. The default is drop. |
| address | An IP address in decimal dotted notation. |
| mask | The number of bits (decimal) in the network portion, from 0 through 32. The default is based on class of network. |
| protocol | The protocol number (decimal); for example, 6 for TCP or 17 for UDP. The following protocol names are translated to the proper number: icmp(1), tcp(6), udp(17), ospf(89). |
| operator | May be = (equal sign), != (exclamation and equal sign), < (less than), or > (greater than). |
| port | The port number (decimal). In addition, the following service names are translated to the proper port number: ftp-data(20), ftp(21), telnet(23), smpt(25), nameserver(42), domain(53), tftp(69), gopher(70), finger(79), www(80), kerberos(88), hostname(101), nntp(119), ntp(123), exec(512), login(513), cmd(514), talk(517). |

Example:

ip out forward srcip 10.1.1.0/24 6 dstport = 80 srcport < 1023

Note

See your Ascend documentation for details about the syntax for these attributes.
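
Because syntax is checked only when the response packet is formatted, a malformed filter first shows up as a reject at authentication time. The following added example (not Steel-Belted Radius Carrier code) checks an ip filter string against the syntax line and Table 171 before it is stored; `parse_ip_filter` and its helpers are hypothetical names. Assumptions: port clauses are accepted in either order, as in the page's own example, and the server's parser may accept or reject strings that this check does not.

```python
import ipaddress

# Keyword tables copied from the syntax table on this page (spelling as printed).
PROTOCOLS = {"icmp": 1, "tcp": 6, "udp": 17, "ospf": 89}
SERVICES = {"ftp-data": 20, "ftp": 21, "telnet": 23, "smpt": 25, "nameserver": 42,
            "domain": 53, "tftp": 69, "gopher": 70, "finger": 79, "www": 80,
            "kerberos": 88, "hostname": 101, "nntp": 119, "ntp": 123,
            "exec": 512, "login": 513, "cmd": 514, "talk": 517}

def _number(token, names, limit, what):
    # Resolve a keyword or a decimal token to an int in 0..limit.
    if token in names:
        return names[token]
    if token.isdigit() and int(token) <= limit:
        return int(token)
    raise ValueError(f"bad {what}: {token!r}")

def _address(token):
    # address[/mask]; mask stays None when omitted (the server picks the default).
    addr, _, mask = token.partition("/")
    ipaddress.IPv4Address(addr)  # raises ValueError on a malformed address
    if mask and not (mask.isdigit() and int(mask) <= 32):
        raise ValueError(f"bad mask: {mask!r}")
    return addr, int(mask) if mask else None

def parse_ip_filter(text):
    """Check an 'ip' filter string; return the rule with the page's defaults filled in."""
    tok = text.split()
    if not tok or tok.pop(0) != "ip":
        raise ValueError("filter must start with 'ip'")
    rule = {"direction": "out", "action": "drop"}  # defaults stated on the page
    if tok and tok[0] in ("in", "out"):
        rule["direction"] = tok.pop(0)
    if tok and tok[0] in ("forward", "drop"):
        rule["action"] = tok.pop(0)
    for key in ("srcip", "dstip"):
        if len(tok) >= 2 and tok[0] == key:
            rule[key] = _address(tok[1])
            del tok[:2]
    if not tok:
        raise ValueError("protocol is required")
    rule["protocol"] = _number(tok.pop(0), PROTOCOLS, 255, "protocol")
    while tok:  # port clauses, accepted in either order (assumption, see lead-in)
        if (len(tok) < 3 or tok[0] not in ("srcport", "dstport") or tok[0] in rule
                or tok[1] not in ("=", "!=", "<", ">")):
            raise ValueError(f"bad port clause: {' '.join(tok)!r}")
        rule[tok[0]] = (tok[1], _number(tok[2], SERVICES, 65535, "port"))
        del tok[:3]
    return rule
```

The returned rule makes the defaults visible: a filter that omits direction and action is an outbound drop rule, so `ip in tcp` drops inbound TCP rather than forwarding it.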