RADIUS ATTRIBUTES REFERENCE GUIDE
RELEASE 14.0.R4
RADIUS Attributes Reference
Issue: 01 3HE 10793 AAAB TQZZA 01 89
26-6527-158 Alc-Nas-Filter-Rule-
Shared
A local configured filter policy can be extended with shared dynamic
filter entries. A dynamic copy of the base filter (filter associated to the
host via sla-profile or host filter override) is made and extended with the
set of filter rules per type (ipv4/ipv6) and direction (ingress/egress) in
the RADIUS message. If a dynamic copy with the same set of rules
already exists, no new copy is made but the existing copy is associated
with the host/session. If after host/session disconnection, no hosts/
sessions are associated with the dynamic filter copy, then the dynamic
copy is removed. Shared filter entries are moved if the subscriber host
filter policy is changed (new SLA profile or ip filter policy override) and
if the new filter policy contains enough free reserved entries. A range of
entries must be reserved for shared entries in a filter policy: configure
filter ip-filter|ipv6-filter filter-id sub-insert-shared-radius The
function of the attribute is identical to [26-529-242] Ascend-Data-Filter
but it has a different format. The format used to specify shared filter
entries (Alc-Nas-Filter-Rule-Shared format or Ascend-Data-Filter
format) cannot change during the lifetime of the subscriber host. Mixing
formats in a single RADIUS message results in a failure.
Note that shared filter entries should only be used if many hosts share
the same set of filter rules that need to be controlled from RADIUS.
26-6527-159 Alc-Ascend-Data-
Filter-Host-Spec
Subscriber host specific filter entry. The match criteria is automatically
extended with the subscriber host ip- or ipv6-address as source
(ingress) or destination (egress) ip. They represent a per host
customization of a generic filter policy: only traffic to/from the subscriber
host will match against these entries. A range of entries must be
reserved for subscriber host specific entries in a filter policy: configure
filter ip-filter/ipv6-filter filter-id sub-insert-radius. Subscriber host
specific filter entries are moved if the subscriber host filter policy is
changed (new SLA profile or ip filter policy override) and if the new filter
policy contains enough free reserved entries. When the subscriber host
session terminates or is disconnected, then the corresponding
subscriber host specific filter entries are also deleted. The function of
the attribute is identical to [92] Nas-Filter-Rule but it has a different
format. The format used to specify host-specific filter entries (NAS-Filer-
Rule format or Alc-Ascend-Data-Filter-Host-Spec format) cannot
change during the lifetime of the subscriber host. Mixing formats in a
single RADIUS message results in a failure.
Table 17 IP and IPv6 Filters (Description) (Continued)
Attribute ID Attribute Name Description
To Next Page
Loading...
