set policy rule (7100-Series)

Use this command to assign incoming untagged frames to a specific policy profile and to VLAN or Class-of-Service classification rules.

Syntax

set policy rule profile-index {ether | ip6dest | ipdestsocket | ipfrag | ipproto | ipsourcesocket | iptos | ipttl | macdest | macsource | port | tcpdestportIP | tcpsourceportIP | udpdestportIP | udpsourceportIP} data [mask mask] [port-string port-string] [storage-type {non-volatile | volatile}] [drop | forward] [cos cos] [quarantine-profile quarantine-profile] [clear-quarantine-profile] [prohibit-quarantine-profile]

Parameters

profile-index Specifies that this classification rule is associated with the entered policy profile index configured with the set policy profile command. Valid profile-index values are 1 - 1023.
ether Classifies based on type field in Ethernet II packet.
ip6dest Classifies based on the IPv6 destination address with optional post-fixed port. Valid values are aaaa::bbbb[-ab (0..65535)]; mask 1-144.
ipdestsocket Classifies based on destination IP address with optional post-fixed port.
ipfrag Classifies based on IP fragmentation value.
ipproto Classifies based on protocol field in IP packet.
ipsourcesocket Classifies based on source IP address with optional post-fixed port.
iptos Classifies based on Type of Service field in IP packet.
ipttl Classifies based on IP time-to-live (TTL).
macdest Classifies based on MAC destination address.
macsource Classifies based on MAC source address.
port Classifies based on port-string.
tcpdestportip Classifies based on TCP destination port with optional post-fix IP address.
tcpsourceportip Classifies based on TCP source port with optional post-fix IP address.
udpdestportip Classifies based on UDP destination port with optional post-fix IP address.
udpsourceportip Classifies based on UDP source port with optional post-fix IP address.
data (Not required for ipfrag classification.) Specifies the code for a predefined classifier. This value is dependent on the classification type entered. Refer to Valid Values for Policy Classification Rules for valid values for each classification type.
mask mask (Optional) Specifies the number of significant bits to match, dependent on the data value entered. Refer to Valid Values for Policy Classification Rules for valid values for each classification type and data value.
port-string port-string (Optional) The rule is applied to the specified ingress port. If the port parameter is specified, the specified port strings must be the same.
storage-type non-volatile | volatile (Optional) Adds or removes this entry from non-volatile storage.
drop | forward (Optional) Specifies that packets within this classification will be dropped or forwarded.
cos cos (Optional) Specifies that this rule will classify to a Class-of-Service ID. Valid values are 0 - 255, and can be configured using the set cos settings command as described in set cos settings. A value of -1 indicates that no CoS forwarding behavior modification is desired.
quarantine-profile quarantine-profile (Optional) Set the quarantine profile index for this rule. Valid values are 1 - 1024.
clear-quarantine-profile (Optional) Clear the quarantine profile on this rule.
prohibit-quarantine-profile (Optional) Prohibit quarantine on this rule.

Defaults

  • If mask is not specified, all data bits will be considered relevant.
  • If port-string is not specified, the rule will be scoped to all ports.
  • If drop or forward is not specified, the rule does not apply these behaviors.
  • If a cos is not specified, no Class-of-Service is applied to the rule.

Mode

All command modes.

Usage

Classification rules are automatically enabled when created.

Examples

This example shows how to use Valid Values for Policy Classification Rules to create (and enable) a classification rule to associate with policy number 1. This rule will drop Ethernet II Type 1526 frames:

System(rw)->set policy rule 1 ether 1526 drop

This example shows how to use Valid Values for Policy Classification Rules to create (and enable) a classification rule to associate with policy profile number 5. This rule specifies that UDP frames from source port tg.1.1 will be forwarded:

System(rw)->set policy rule 5 udpsourceportip port port-string tg.1.1 forward

Valid Values for Policy Classification Rules provides the set policy rule and set policy admin-profile data values that can be entered for a particular classification type, and the mask bits that can be entered for each classifier associated with that parameter.

Valid Values for Policy Classification Rules

| Classification Rule Parameter | data value | mask bits |
|---|---|---|
| ether | Type field in Ethernet II packet: 1536 - 65535 | 1 - 16 |
| icmptype | ICMP Type: a.b | 1 - 16 |
| Destination or Source IP Address: ipdestsocket, ipsourcesocket | IP Address in dotted decimal format: 000.000.000.000 and (Optional) post-fixed port: 0 - 65535 | 1 - 48 |
| ipfrag | Not applicable. | Not applicable. |
| ipproto | Protocol field in IP packet: 0 - 255 | 1 - 8 |
| iptos | Type of Service field in IP packet: 0 - 255 | 1 - 8 |
| ipttl | Time-to-live (TTL) in IP packet: 0 - 255 | 1 - 8 |
| Destination or Source MAC: macdest, macsource | MAC Address: 00-00-00-00-00-00 | 1 - 48 |
| port | Port string: Eg. ge.1.1 | 1 - 16 |
| Destination or Source TCP port: tcpdestportip, tcpsourceportip | TCP Port Number with optional post-fix IP address: ab[:c.d.e.f] 0-65535:1.1.1.1; or 0-0xFFFF:1.1.1.1 | 1 - 48 |
| Destination or Source UDP port: udpsourceportip, udpdestportip | UDP Port Number with optional post-fix IP address: ab[:c.d.e.f] 0-65535:1.1.1.1; or 0-0xFFFF:1.1.1.1 | 1 - 48 |
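
The numeric ranges given in the Parameters section and in Valid Values for Policy Classification Rules can be checked offline before a rule set is pushed to a switch. The Python linter below is an added example, not vendor code or part of the original page; the function names and the acceptance of 0x-prefixed integers are assumptions, and it checks numeric ranges only, not address or port-string syntax. Run against this page's first example, it reports that 1526 is below the table's stated ether minimum of 1536.

```python
# Ranges transcribed from this page's Parameters section and Valid Values table.
# type -> (integer data range, or None if data is not a plain integer; max mask bits or None)
RULE_TYPES = {
    "ether": ((1536, 65535), 16), "ipproto": ((0, 255), 8),
    "iptos": ((0, 255), 8), "ipttl": ((0, 255), 8),
    "ip6dest": (None, 144), "ipfrag": (None, None), "port": (None, 16),
    **{t: (None, 48) for t in (
        "ipdestsocket", "ipsourcesocket", "macdest", "macsource",
        "tcpdestportip", "tcpsourceportip", "udpdestportip", "udpsourceportip")},
}
OPTION_LIMITS = {"cos": (-1, 255), "quarantine-profile": (1, 1024)}

def in_range(text, lo, hi):
    """True if text is a decimal or 0x-prefixed integer within lo..hi."""
    try:
        return lo <= int(text, 0) <= hi
    except ValueError:
        return False

def lint_rule(line):
    """Return findings for one 'set policy rule' line; an empty list means in range."""
    tok = line.split("->")[-1].split()           # drop a 'System(rw)->' prompt if present
    if tok[:3] != ["set", "policy", "rule"] or len(tok) < 5:
        return ["not a 'set policy rule' command"]
    # The Syntax line writes 'tcpdestportIP'; compare classification types in lower case.
    index, rtype, rest, findings = tok[3], tok[4].lower(), tok[5:], []
    if not in_range(index, 1, 1023):
        findings.append(f"profile-index {index} outside 1..1023")
    if rtype not in RULE_TYPES:
        return findings + [f"unknown classification type {rtype}"]
    data_range, mask_max = RULE_TYPES[rtype]
    if rtype != "ipfrag" and rest:               # ipfrag takes no data value
        data = rest.pop(0)
        if data_range and not in_range(data, *data_range):
            findings.append(f"{rtype} data {data} outside {data_range[0]}..{data_range[1]}")
    opts = dict(zip(rest, rest[1:] + [""]))      # every token -> the token that follows it
    limits = dict(OPTION_LIMITS)
    if mask_max:
        limits["mask"] = (1, mask_max)
    elif "mask" in opts:
        findings.append(f"mask is not applicable to {rtype}")
    for key, (lo, hi) in limits.items():
        if key in opts and not in_range(opts[key], lo, hi):
            findings.append(f"{key} {opts[key]} outside {lo}..{hi}")
    if "drop" in opts and "forward" in opts:
        findings.append("drop and forward are mutually exclusive")
    return findings

if __name__ == "__main__":  # the page's own first example, checked against its table
    print(lint_rule("System(rw)->set policy rule 1 ether 1526 drop"))
```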