mark

purview-application-policy

Creates a mark rule and configures the match criteria based on which packets are marked

Marks packets, matching a specified set of application categories or applications/protocols, with 802.1p priority level or DSCP type of service (ToS) code. Marking packets is a means of identifying them for specific actions, and is used to provide different levels of service to different traffic types.

Supported in the following platforms:

  • Access Points — AP505i, AP510i/e, AP560i/h
Note

Note

Purview DPI engine is not supported on the WiNG 7.1.2 enabled NX5500, NX7500, NX9500, NX9600 and VX9000 platforms. This support will be introduced in future releases.

Syntax

mark [app-category [<APP-CATEGORY-NAME>|all]|application <PURVIEW-APP-NAME>] 
[8021p <0-7>|dscp <0-63>] schedule <SCHEDULE-POLICY-NAME> (precedence <1-256>)

Parameters

mark [app-category [<PURVIEW-APP-CATEGORY-NAME>|all]|application <PURVIEW-APP-NAME>] 
[8021p <0-7>|dscp <0-63>] schedule <SCHEDULE-POLICY-NAME> (precedence <1-256>)
mark Creates a mark rule and configures the match criteria. When applied, the rule marks packets, matching the criteria configured here, with 802.1p priority value or DSCP code. The match criteria options are: app-category and application.
app-category [<PURVIEW-APP-CATEGORY-NAME>|all] Uses application category as the match criteria
  • <PURVIEW-APP-CATEGORY-NAME> – Specify the application category.
  • all – The system marks all packets.
application <PURVIEW-APP-NAME> Uses application name as the match criteria
  • <PURVIEW-APP-NAME> – Specify the application name. Each packet‘s application is matched with the application name specified here. In case of a match, the system marks the packet.
Note: The Purview™ engine recognizes 36 app-categories with 2406 canned applications. If the application you are looking for is not in this list, use the application command to add the application to the list.
8021p <0-7> Marks packets matching the specified criteria with 802.1p priority value
  • <0-7> – Specify a value from 0 - 7.

The IEEE 802.1p signaling standard enables marking of layer 2 network traffic. Layer 2 network devices (such as switches), using 802.1p standards, group traffic into classes based on their 802.1p priority value, which is appended to the packet‘s MAC header. In case of traffic congestion, packets with higher priority get precedence over lower priority packets and are forwarded first.

dscp <0-63> Marks packets matching the specified criteria with DSCP ToS code
  • <0-63> – Specify a value from 0 - 63.

The DSCP protocol marks layer 3 network traffic. Layer 3 network devices (such as routers) using DSCP, mark each layer 3 packet with a six-bit DSCP code, which is appended to the packet‘s IP header. Each DSCP code is assigned a corresponding level of service, enabling packet prioritization.

schedule <SCHEDULE-POLICY-NAME> Schedules an enforcement time for this mark rule by associating a schedule policy with it. Use this parameter to apply rule-specific enforcement time.
  • schedule <SCHEDULE-POLICY-NAME> – Associates a schedule policy with this rule. When associated, the rule is enforced only on the days and time configured in the schedule policy. Without the association of a schedule policy, all rules within an application policy are enforced concurrently (defined by the purview-application-policy → enforcement-time command). If scheduling a rule, ensure that the time configured in the schedule policy is a subset of the application policy‘s enforcement time. In other words the application policy should be active when the rule is being enforced. For example, if the application policy is enforced on Mondays from 10:00 to 22:00 hours and the schedule policy time-rule is set for Fridays, then this rule will never be hit. When enforcing rules at different times the best practice would be to keep the application policy active at all time (i.e., retain the default enforcement-time setting as ‘all‘).
    • <SCHEDULE-POLICY-NAME> – Specify the policy name (should be existing and configured). After applying a schedule policy, specify a precedence for the rule.

In case of no schedule policy being applied, the rule is enforced as per the enforcement-time configured in the application policy. For more information, see enforcement-time.

precedence <1-256> Assigns a precedence value for this mark rule. The precedence value differentiates between rules applicable to applications and the application categories they belong. The allow, deny, mark, rate-limit options are mutually exclusive. In other words, in an application policy, for a specific application or application category, you can create either an allow rule, or a deny rule, or a mark and rate-limit rule.

Examples

nx9500-6C8809(config-purview-app-policy-Bing)#mark app-category video dscp 9 precedence 4
nx9500-6C8809(config-purview-app-policy-Bing)#mark application facetime dscp 10 precedence 5
nx9500-6C8809(config-purview-app-policy-Bing)#show context
purview-application-policy Bing
 description "This application policy allows Bing search engine packets"
 enforcement-time days weekdays start-time 12:30 end-time 20:00
 allow application Bing precedence 1
 allow app-category business precedence 2
 deny app-category "social networking" precedence 3
 mark app-category video dscp 9 precedence 4
 mark application facetime dscp 10 precedence 5
 logging level critical
nx9500-6C8809(config-purview-app-policy-Bing)#

Related Commands

no Removes this mark rule from the application policy