ACS Packet Filter Configuration Mode Commands

The ACS Packet Filter Configuration Mode is used to create and configure Active Charging Service (ACS) packet filters.

IMPORTANT:

The commands or keywords/variables that are available are dependent on platform type, product version, and installed license(s).

direction

This command allows you to specify the direction in which the current packet filter will be applied.

Platform:

ASR 5000

Product:

ACS


Privilege:

Security Administrator, Administrator


Syntax
direction { bi-directional | downlink | uplink }default direction
default

Configures this command with its default setting.

Default: bi-directional

bi-directional

Specifies that the packet filter has to be applied in both uplink and downlink directions.

downlink

Specifies that the packet filter has to be applied only in the downlink direction.

uplink

Specifies that the packet filter has to be applied only in the uplink direction.


Usage:

Use this command to specify the direction in which the packet filter has to be applied.


Example:
The following command specifies that the packet filter must be applied in the downlink direction:
direction downlink
end

Exits the current configuration mode and returns to the Exec mode.

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
end

Usage:

Use this command to return to the Exec mode.

exit

Exits the current mode and returns to the parent configuration mode.

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
exit

Usage:

Use this command to return to the parent configuration mode.

ip local-port

This command allows you to configure the IP 5-tuple local port(s) for the current packet filter.

Platform:

ASR 5000

Product:

ACS


Privilege:

Security Administrator, Administrator


Syntax
ip local-port { =  port_number | range start_port_number to end_port_number }no ip local-port
no

If previously configured, deletes the ip local-port configuration from the current packet filter.

port_number

Specifies the port number of the transport protocol.

port_number must be the port number, and must be an integer from 1 through 65535.

range start_port_number to end_port_number

Specifies a range of port numbers.

start_port_number and end_port_number must be integers from 1 through 65535.

end_port_number must be greater than start_port_number.


Usage:

Use this command to configure the IP local port(s) for a packet filter.


Example:
The following command configures the IP local port as 456:
ip local-port 456
ip protocol

This command allows you to configure the IP protocol(s) for the current packet filter.

Platform:

ASR 5000

Product:

ACS


Privilege:

Security Administrator, Administrator


Syntax

In StarOS 9.0 and later releases:

ip protocol = protocol_numberno ip protocol

In StarOS 8.2 and earlier releases:

ip protocol { = protocol_number | range start_protocol_number to end_protocol_number }no ip protocol
no

If previously configured, deletes the IP protocol configuration from the current packet filter.

protocol_number

Specifies the transport protocol field in the IP header.

protocol_number must be the numerical value of the protocol, and must be an integer from 1 through 255.

range start_protocol_number to end_protocol_number

IMPORTANT:

In StarOS 9.0 and later releases this option is deprecated.

Specifies a range of protocol assignment numbers.

start_protocol_number and end_protocol_number must be integers from 1 through 255.

end_protocol_number must be greater than start_protocol_number.


Usage:

Use this command to configure the protocol(s) for a packet filter.


Example:
The following command configures the protocol assignment number 300:
ip protocol = 300
ip remote-address

This command allows you to configure the IP remote address(es) for the current packet filter.

Platform:

ASR 5000

Product:

ACS


Privilege:

Security Administrator, Administrator


Syntax

In StarOS 9.0 and later releases:

ip remote-address = { ipv4/ipv6_address | ipv4/ipv6_address/mask }no ip remote-address

In StarOS 8.2 and earlier releases:

ip remote-address { = { ipv4/ipv6_address | ipv4/ipv6_address/mask } | range { start_ipv4/ipv6_address | start_ipv4/ipv6_address/mask } to { end_ipv4/ipv6_address | end_ipv4/ipv6_address/mask } }no ip remote-address
no

If previously configured, deletes the IP remote-address configuration from the current packet filter.

ip remote-address = { ipv4/ipv6_address | ipv4/ipv6_address/mask }

ipv4/ipv6_address specifies the IPv4/IPv6 address.

ipv4/ipv6_address/mask specifies the IPv4/IPv6 address and the number of subnet bits representing the subnet mask in shorthand.

ip remote-address range { start_ipv4/ipv6_address | start_ipv4/ipv6_address/mask } to { end_ipv4/ipv6_address | end_ipv4/ipv6_address/mask }

IMPORTANT:

In StarOS 9.0 and later releases this keyword has been deprecated.

range specifies a range of IPv4/IPv6 addresses.

start_ipv4/ipv6_address and end_ipv4/ipv6_address specify, for the range, the starting and ending IPv4/IPv6 addresses.end_ipv4/ipv6_address must be greater than start_ipv4/ipv6_address.

start_ipv4/ipv6_address/mask and end_ipv4/ipv6_address/mask specify, for the range, the starting and ending IPv4/IPv6 address, and the number of subnet bits representing the subnet mask in shorthand. end_ipv4/ipv6_address/mask must be greater than start_ipv4/ipv6_address/mask.


Usage:

Use this command to configure the remote address(es) for a packet filter.


Example:
The following command configures the IP remote address as 10.2.3.4/24:
ip remote-address = 10.2.3.4/24
ip remote-port

This command allows you to configure the IP remote port(s) for the current packet filter.

Platform:

ASR 5000

Product:

ACS


Privilege:

Security Administrator, Administrator


Syntax
ip remote-port { = port_number | range start_port_number to end_port_number }no ip remote-port
no

If previously configured, deletes the ip remote-port configuration from the current packet filter.

port_number

Specifies the port number of the transport protocol.

port_number must be the port number, and must be an integer from 1 through 65535.

range start_port_number to end_port_number

Specifies a range of port numbers.

start_port_number and end_port_number must be integers from 1 through 65535.

end_port_number must be greater than start_port_number.


Usage:

Use this command to configure the IP remote port(s) for a packet filter.


Example:
The following command configures the IP remote port as 789:
ip remote-port = 789
priority

This command allows you to configure the current packet filter’s priority.

Platform:

ASR 5000

Product:

IMPORTANT:

This command is deprecated in certain 9.0 releases and in 10.0 and later releases. The precedence values of packet filters (those from both dynamic and predefined rules) are assigned by the PCEF based on an internal process.

ACS


Privilege:

Security Administrator, Administrator


Syntax
priority priorityno priority
no

If previously configured, deletes the priority configuration in the current packet filter.

priority

Specifies this packet filter’s priority

priority must be an integer from 0 through 255.


Usage:

Use this command to configure the packet filter’s priority. The priority must be configured for the packet filter to be used in a TFT. Packets are compared against packet filters in a prioritized fashion, with 0 being the highest priority. Without this setting, this filter will not be used.


Example:
The following command configures the packet filter’s priority as 3:
priority 3