Classification Rules

Classification rules associate specific traffic classifications or policy behaviors with the policy role. There are two aspects of classification rule configuration:

Both the administrative profile and policy rules are associated with the policy role by specifying the admin-pid option, in the case of an administrative profile, or a profile-index value, in the case of the policy rule. Administrative profiles and policy rules are configured using the set policy rule command.

The administrative profile assigns a traffic classification to a policy role by using the admin-profile option of the set policy rule command.

Policy rules are based on traffic classifications. Administrative Policy and Policy Rule Traffic Classifications provides the supported policy rule traffic classification command options and definitions.

A detailed discussion of supported traffic classifications is available in the “Traffic Classification Rules” section of the NetSight Policy Manager online help.

Click to expand in new window

Administrative Policy and Policy Rule Traffic Classifications

Traffic Classification Description Attribute

ID

macsource Classifies based on MAC source address. 1
macdest Classifies based on MAC destination address. 2
ipxsource Classifies based on source IPX address (S-, K-Series). 3
ipxdest Classifies based on destination IPX address (S-, K-Series). 4
ipxsourcesocket Classifies based on source IPX socket (S-, K-Series). 5
ipxdestsocket Classifies based on destination IPX socket (S-, K-Series). 6
ipxclass Classifies based on transmission control in IPX (S-, K-Series). 7
ipxtype Classifies based on IPX packet type (S-, K-Series). 8
ip6source Classifies based on IPv6 source address (S-, K-Series). 9
ip6dest Classifies based on IPv6 destination address. 10
ip6flowlabel Classifies based on IPv6 flow label (S-, K-Series). 11
ipsourcesocket Classifies based on source IP address. 12
ipdestsocket Classifies based on destination IP address. 13
ip frag Classifies based on IP fragmentation value. 14
udpsourceportip Classifies based on UDP source port. 15
udpdestportip Classifies based on UDP destination port. 16
tcpsourceportip Classifies based on TCP source port. 17
tcpdestportip Classifies based on TCP destination port. 18
icmptype Classifies based on ICMP packet type (S-, K-Series). 19
ipttl Classifies based on Time-To-Live (TTL). 20
iptos Classifies based on Type of Service field in IP packet. 21
ipproto Classifies based on protocol field in IP packet. 22
icmp6type Classifies based on ICMPv6 packet type (S-, K-Series). 23
ether Classifies based on type field in Ethernet II packet. 25
llcDsapSsap Classifies based on DSAP/SSAP pair in 802.3 type packet (S-, K-Series). 26
vlantag Classifies based on VLAN tag (S-, K-Series). 27
tci Classifies based on Tag Control Information (S-, K-Series). 28
application Classifies based upon applications (llmnr, ssdp, or mdns-sd) (S-, K-Series). 29
port Classifies based on port-string. 31

A data value is associated with most traffic classifications to identify the specific network element for that classification. For data value and associated mask details, see the “Valid Values for Policy Classification Rules” table in the set policy rule command discussion of the command reference guide for your platform.

On the S- and K-Series, the following example enables TCI overwrite for policy profile 1, followed by an example that enables TCI overwrite on port ge.1.1:

System(rw)->set policy profile 1 tci-overwrite enable
System(rw)->set port tcioverwrite ge.1.1 enable