Classification rules associate specific traffic classifications or policy behaviors with the policy role. There are two aspects of classification rule configuration:
Both the administrative profile and policy rules are associated with the policy role by specifying the admin-pid option, in the case of an administrative profile, or a profile-index value, in the case of the policy rule. Administrative profiles and policy rules are configured using the set policy rule command.
The administrative profile assigns a traffic classification to a policy role by using the admin-profile option of the set policy rule command.
Policy rules are based on traffic classifications. Administrative Policy and Policy Rule Traffic Classifications provides the supported policy rule traffic classification command options and definitions.
A detailed discussion of supported traffic classifications is available in the “Traffic Classification Rules” section of the NetSight Policy Manager online help.
Administrative Policy and Policy Rule Traffic Classifications
| Traffic Classification | Description | Attribute ID |
|---|---|---|
| macsource | Classifies based on MAC source address. | 1 |
| macdest | Classifies based on MAC destination address. | 2 |
| ipxsource | Classifies based on source IPX address (S-, K-Series). | 3 |
| ipxdest | Classifies based on destination IPX address (S-, K-Series). | 4 |
| ipxsourcesocket | Classifies based on source IPX socket (S-, K-Series). | 5 |
| ipxdestsocket | Classifies based on destination IPX socket (S-, K-Series). | 6 |
| ipxclass | Classifies based on transmission control in IPX (S-, K-Series). | 7 |
| ipxtype | Classifies based on IPX packet type (S-, K-Series). | 8 |
| ip6source | Classifies based on IPv6 source address (S-, K-Series). | 9 |
| ip6dest | Classifies based on IPv6 destination address. | 10 |
| ip6flowlabel | Classifies based on IPv6 flow label (S-, K-Series). | 11 |
| ipsourcesocket | Classifies based on source IP address. | 12 |
| ipdestsocket | Classifies based on destination IP address. | 13 |
| ip frag | Classifies based on IP fragmentation value. | 14 |
| udpsourceportip | Classifies based on UDP source port. | 15 |
| udpdestportip | Classifies based on UDP destination port. | 16 |
| tcpsourceportip | Classifies based on TCP source port. | 17 |
| tcpdestportip | Classifies based on TCP destination port. | 18 |
| icmptype | Classifies based on ICMP packet type (S-, K-Series). | 19 |
| ipttl | Classifies based on Time-To-Live (TTL). | 20 |
| iptos | Classifies based on Type of Service field in IP packet. | 21 |
| ipproto | Classifies based on protocol field in IP packet. | 22 |
| icmp6type | Classifies based on ICMPv6 packet type (S-, K-Series). | 23 |
| ether | Classifies based on type field in Ethernet II packet. | 25 |
| llcDsapSsap | Classifies based on DSAP/SSAP pair in 802.3 type packet (S-, K-Series). | 26 |
| vlantag | Classifies based on VLAN tag (S-, K-Series). | 27 |
| tci | Classifies based on Tag Control Information (S-, K-Series). | 28 |
| application | Classifies based upon applications (llmnr, ssdp, or mdns-sd) (S-, K-Series). | 29 |
| port | Classifies based on port-string. | 31 |
A data value is associated with most traffic classifications to identify the specific network element for that classification. For data value and associated mask details, see the “Valid Values for Policy Classification Rules” table in the set policy rule command discussion of the command reference guide for your platform.
On the S- and K-Series, the following example enables TCI overwrite for policy profile 1, followed by an example that enables TCI overwrite on port ge.1.1:
System(rw)->set policy profile 1 tci-overwrite enable System(rw)->set port tcioverwrite ge.1.1 enable
Print
this page
Email this topic
Feedback
View PDF
Download EPUB