Settings in a radius profile, Settings in a radius profile -20 – Lucent Technologies 6000 User Manual

15-20

MAX 6000/3000 Network Configuration Guide

Defining Static Filters
Defining Type of Service filters

Settings in a RADIUS profile

In RADIUS, a TOS filter entry is a value of the Ascend-Filter attribute. To specify TOS filter
value, use the following format:

iptos dir [ dstip n.n.n.n/nn ] [ srcip n.n.n.n/nn ][ proto ] [ destport

cmp value ] [ srcport cmp value ][ precedence value ] [ type-of-service

value ]

Note:

A filter definition cannot contain newline indicators. The syntax is shown here on

multiple lines for printing purposes only.

Keyword or argument Description

iptos

Specifies an IP TOS filter.

dir

Specifies direction of the packets. You can specify in (to filter
packets coming in to the MAX unit or out (to filter packets going
out of the MAX unit).

dstip n.n.n.n/nn

If the

dstip

keyword is followed by a valid IP address, the TOS

filter will set bytes only in packets with that destination address. If
a subnet mask portion of the address is present, the MAX unit
compares only the masked bits. If the

dstip

keyword is followed

by the zero address (0.0.0.0), or if this keyword and its IP address
specification are not present, the filter matches all IP packets. For
more details, see “Filtering by source or destination address” on
page 15-14.

srcip n.n.n.n/nn

If the

srcip

keyword is followed by a valid IP address, the TOS

filter will set bytes only in packets with that source address. If a
subnet mask portion of the address is present, the MAX unit
compares only the masked bits. If the

srcip

keyword is followed

by the zero address (0.0.0.0), or if this keyword and its IP address
specification are not present, the filter matches all IP packets. For
more details, see “Filtering by source or destination address” on
page 15-14.

proto

A protocol number. A value of zero matches all protocols. If you
specify a non-zero number, the MAX unit compares it to the
Protocol field in packets. For list of protocol numbers, see RFC
1700.

dstport cmp

value

If the

dstport

keyword is followed by a comparison symbol and

a port, the port is compared to the destination port of a packet. The
comparison symbol can be < (less-than), = (equal), > (greater-than),
or ! = (not-equal). The port value can be one of the following names
or numbers: ftp-data (20), ftp (21), telnet (23), smtp (25),
nameserver (42), domain (53), tftp (69), gopher (70), finger (79),
www (80), kerberos (88), hostname (101), nntp (119), ntp (123),
exec (512), login (513), cmd (514), or talk (517). For more details,
see “Filtering by port numbers” on page 15-14.