IP and IPv6 Filters
Page 90 7750 SR RADIUS Attributes Reference Guide
IP Filter Attribute Details
[92] Nas-Filter-Rule and [26-6527-158] Alc-Nas-Filter-Rule-Shared
The format for [92] Nas-Filter-Rule and [26-6527-158] Alc-Nas-Filter-Rule-Shared is a string
formatted as: <action> <direction> <protocol> from <source> to <destination> <options>.
Table 20 displays details on the respective fields.
Table 20: [92] Nas-Filter-Rule Attribute Format
Action or Classifier Value Corresponding SR OS Filter Function
<action> deny action drop
permit action forward
<direction> in ingress
out egress
<protocol> ip protocol none
any number [0..255] protocol [0..255]
ip next-header none
any number [1..42] next-header [1..42]
any number [45..49] next-header [45..49]
any number [52..59] next-header [52..59]
any number [61..255] next-header [61..255]
any number 43|44|50|51|60 not supported
from <source> any 100 ingress: src-ip = host-ip-address; src-port eq 100
egress: src-ip = 0.0.0.0/0 | ::/0; src-port eq 100
200-65535 ingress: src-ip = host-ip-address; src-port range 200 65535
egress: src-ip = 0.0.0.0/0 | ::/0; src-port range 200 65535
ip-prefix/length 100 ingress: src-ip = host-ip-address; src-port eq 100
egress: src-ip = ip-prefix/length; src-port eq 100
200-65535 ingress: src-ip = host-ip-address; src-port range 200 65535
egress: src-ip = ip-prefix/length; src-port range 200 65535
To Next Page
Loading...
