Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Ascend-Data-Filter Attribute Fields

Table 1 provides information about the fields used in the Ascend-Data-Filter attribute (RADIUS attribute 242) and how the fields map to Junos OS filter functions. The table lists the fields in the order in which they occur in the Ascend-Data-Filter attribute.

Table 1: Ascend-Data-Filter Attribute Fields

Action or Classifier

Format

Value

Junos OS Filter Function

Type

1 byte

  • 1 = IPv4

  • 3 = IPv6

Filter or forward

1 byte

  • 0 = filter

  • 1 = forward

  • 0 = maps to discard action

  • 1 = maps to accept action

Indirection

1 byte

  • 0 = egress

  • 1 = ingress

  • 0 = adds egress terms to the output filter

  • 1= adds ingress terms to the input filter

Spare

1 byte

Source IP address

IPv4 = 4 bytes

IPv6 = 16 bytes

IP address of the source interface

  • 0 = no mapping performed

  • From source-address address entry added to term

Destination IP address

IPv4 = 4 bytes

IPv6 = 16 bytes

IP address of the destination interface

  • 0 = no mapping performed

  • From destination-address address entry added to term

Source IP prefix

1 byte

  • Type 1 = Number of leading zeros in the wildcard mask

  • Type 3 = Higher order contiguous bits of the address that make up the network portion of the address

  • 0 = no mapping performed

  • From source-address prefix entry added to term

Destination IP prefix

1 byte

  • Type 1 = Number of leading zeros in the wildcard mask

  • Type 3 = Higher order contiguous bits of the address that make up the network portion of the address

  • 0 = no mapping performed

  • From destination-address prefix entry added to term

Protocol

1 byte

Protocol type

  • 0 = no mapping performed

  • IPv4 = from protocol number added to term

  • IPv6 = from next-header number added to term

Established

1 byte

Not implemented

Not implemented

Source port

2 bytes

Port number of the source port

From source-port x - y entry added to term

Destination port

2 bytes

Port number of the destination port

From destination-port x - y entry added to term

Source port qualifier

1 byte

  • 0 = no compare

  • 1 = less than

  • 2 = equal to

  • 3 = greater than

  • 4 = not equal to

  • 0 = no mapping performed

  • 1 – 3 = mapped to corresponding option

  • 4 = mapped to except match option

Destination port qualifier

1 byte

  • 0 = no compare

  • 1 = less than

  • 2 = equal to

  • 3 = greater than

  • 4 = not equal to

  • 0 = no mapping performed

  • 1 – 3 = mapped to corresponding match option

  • 4 = mapped to except match option

Reserved

2 bytes

Not used

Not used

Marking value

1 byte

  • For IPv4 = Type of Service (ToS)

  • For IPv6 = Differentiated Services Code Point (DSCP)

Not implemented

Marking mask

1 byte

0 = no packet marking

Not implemented

Traffic class

1–41 bytes

  • 0 = no traffic class (required if there is no profile)

  • First byte specifies the length of the ASCII name of the traffic class

  • Traffic class must be statically configured

  • Name can optionally be null terminated, which consumes 1 byte

  • If a name is given, it must match one of the default forwarding classes (such as best-effort) or the name of a forwarding class configured under the [edit class-of-service scheduler-maps map-name] stanza.

Maps to the forwarding class name. The action forwarding-class name is added to term.

Rate-limit profile

1–41 bytes

  • 0 = no rate limit (required if there is no profile)

  • First byte specifies the length of the ASCII, followed by the ASCII name of the profile

  • Profile must be statically configured

  • Name can optionally be null terminated, which consumes 1 byte

  • If a name is given, it must match the name of one of the firewall policers that is configured under the [edit firewall] stanza.

Maps to the policer policer-name action modifier of the same name. The action policer name is added to term.

Related Documentation