
7705 SAR-8 IP Filter for RADIUS Server

Posted: 05 Nov 2012 10:02
by mtmengineer
I am attempting to apply management IP filters on my SAR-8. Here is the area / code I am referring to -



configure
    system
        security
            management-access-filter
                ip-filter
                    entry <<INSERT NUMBER>>
                        description "Radius"
                        src-ip XX.XX.XX.XX/32
                        protocol udp
                        dst-port 50837 65535
                        action permit

I removed the IP, obviously I have a real one in my config.

Everything works fine until I try to lock it down to a specific dst-port, i.e. I test it with the dst-port removed and RADIUS works great. The dst-port line shown above is a UDP port on the SAR-8 that originates (src) and then receives the RADIUS response back (dst) as viewed on a Wireshark trace.

I know that 1812 and 1813 are the standard RADIUS ports and what is used by my RADIUS server, however it appears the SAR-8 uses a different UDP port. I even noticed the port changes throughout the day based on different Wireshark traces.

I am trying to determine what port or range of ports I need to enter to lock this down a bit more than simply removing the dst-port and allowing UDP on all ports.

Any ideas?

Thanks.

Re: 7705 SAR-8 IP Filter for RADIUS Server

Posted: 06 Nov 2012 06:24
by agungaryo
Dear MTM,
- Of course it changes, because the SAR is in the position of a client (a random high-numbered port; each session uses a different port).
- Why didn't you use src-port (consistent ports: 1812, 1813) instead of using dst-port ...
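
The behaviour discussed in this thread, as an added example that is not part of either post and is not 7705 CLI: a loopback UDP request/reply exchange records the ports on each reply, then a generic stateless match compares a rule pinned to one observed dst-port with a rule on the server's source port. The function names, the rule dictionaries and the OS-assigned stand-in server port (1812 in production) are assumptions of this sketch; whether the management-access-filter can match on a UDP source port is not established on this page.

```python
import socket

def radius_like_exchanges(n=5):
    """Run n request/reply exchanges on loopback.
    Returns (server_port, [(reply_src_port, reply_dst_port), ...])."""
    server = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    server.settimeout(2)
    server.bind(("127.0.0.1", 0))      # stand-in for the server's fixed port (assumption)
    server_port = server.getsockname()[1]
    clients, replies = [], []
    for _ in range(n):
        # A new client socket per session gets a new ephemeral source port.
        client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        client.settimeout(2)
        clients.append(client)         # kept open so every session's port is distinct
        client.sendto(b"constructed-request", ("127.0.0.1", server_port))
        _, client_addr = server.recvfrom(1024)
        server.sendto(b"constructed-reply", client_addr)
        _, reply_from = client.recvfrom(1024)
        # Reply as seen by the client: src = server port, dst = client's ephemeral port.
        replies.append((reply_from[1], client.getsockname()[1]))
    for sock in clients + [server]:
        sock.close()
    return server_port, replies

def permits(rule, src_port, dst_port):
    """Stateless match: each port field present in the rule must equal the packet's."""
    if "src_port" in rule and rule["src_port"] != src_port:
        return False
    if "dst_port" in rule and rule["dst_port"] != dst_port:
        return False
    return True

def compare_rules(n=5):
    """Count how many replies each rule permits."""
    server_port, replies = radius_like_exchanges(n)
    pinned_dst = {"dst_port": replies[0][1]}   # port taken from a single capture
    by_src = {"src_port": server_port}         # the server's consistent port
    return {
        "pinned_dst": sum(permits(pinned_dst, s, d) for s, d in replies),
        "by_src": sum(permits(by_src, s, d) for s, d in replies),
    }

if __name__ == "__main__":
    print(compare_rules())
```

A source-port match only narrows the rule when it is combined with the src-ip /32 match, because any sender can choose 1812 as its source port.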