Lucent Technologies 6000 Manuale Utente
15-20
MAX 6000/3000 Network Configuration Guide
Defining Static Filters
Defining Type of Service filters
Defining Type of Service filters
Settings in a RADIUS profile
In RADIUS, a TOS filter entry is a value of the Ascend-Filter attribute. To specify TOS filter
value, use the following format:
value, use the following format:
iptos dir [ dstip n.n.n.n/nn ] [ srcip n.n.n.n/nn ][ proto ] [ destport
cmp value ] [ srcport cmp value ][ precedence value ] [ type-of-service
value ]
Note:
A filter definition cannot contain newline indicators. The syntax is shown here on
multiple lines for printing purposes only.
Keyword or argument Description
iptos
Specifies an IP TOS filter.
dir
Specifies direction of the packets. You can specify in (to filter
packets coming in to the MAX unit or out (to filter packets going
out of the MAX unit).
packets coming in to the MAX unit or out (to filter packets going
out of the MAX unit).
dstip n.n.n.n/nn
If the
dstip
keyword is followed by a valid IP address, the TOS
filter will set bytes only in packets with that destination address. If
a subnet mask portion of the address is present, the MAX unit
compares only the masked bits. If the
a subnet mask portion of the address is present, the MAX unit
compares only the masked bits. If the
dstip
keyword is followed
by the zero address (0.0.0.0), or if this keyword and its IP address
specification are not present, the filter matches all IP packets. For
more details, see “Filtering by source or destination address” on
page 15-14.
specification are not present, the filter matches all IP packets. For
more details, see “Filtering by source or destination address” on
page 15-14.
srcip n.n.n.n/nn
If the
srcip
keyword is followed by a valid IP address, the TOS
filter will set bytes only in packets with that source address. If a
subnet mask portion of the address is present, the MAX unit
compares only the masked bits. If the
subnet mask portion of the address is present, the MAX unit
compares only the masked bits. If the
srcip
keyword is followed
by the zero address (0.0.0.0), or if this keyword and its IP address
specification are not present, the filter matches all IP packets. For
more details, see “Filtering by source or destination address” on
page 15-14.
specification are not present, the filter matches all IP packets. For
more details, see “Filtering by source or destination address” on
page 15-14.
proto
A protocol number. A value of zero matches all protocols. If you
specify a non-zero number, the MAX unit compares it to the
Protocol field in packets. For list of protocol numbers, see RFC
1700.
specify a non-zero number, the MAX unit compares it to the
Protocol field in packets. For list of protocol numbers, see RFC
1700.
dstport cmp
value
If the
dstport
keyword is followed by a comparison symbol and
a port, the port is compared to the destination port of a packet. The
comparison symbol can be < (less-than), = (equal), > (greater-than),
or ! = (not-equal). The port value can be one of the following names
or numbers: ftp-data (20), ftp (21), telnet (23), smtp (25),
nameserver (42), domain (53), tftp (69), gopher (70), finger (79),
www (80), kerberos (88), hostname (101), nntp (119), ntp (123),
exec (512), login (513), cmd (514), or talk (517). For more details,
see “Filtering by port numbers” on page 15-14.
comparison symbol can be < (less-than), = (equal), > (greater-than),
or ! = (not-equal). The port value can be one of the following names
or numbers: ftp-data (20), ftp (21), telnet (23), smtp (25),
nameserver (42), domain (53), tftp (69), gopher (70), finger (79),
www (80), kerberos (88), hostname (101), nntp (119), ntp (123),
exec (512), login (513), cmd (514), or talk (517). For more details,
see “Filtering by port numbers” on page 15-14.