mark |
Creates a mark rule and configures the match criteria.
When applied, the rule marks packets, matching the criteria configured here, with
802.1p priority value or DSCP code. The match criteria options are: app-category and
application. |
app-category [<PURVIEW-APP-CATEGORY-NAME>|all] |
Uses application category as the match criteria
- <PURVIEW-APP-CATEGORY-NAME> – Specify the application category.
- all – The system marks all
packets.
|
application <PURVIEW-APP-NAME> |
Uses application name as the match criteria
- <PURVIEW-APP-NAME> –
Specify the application name. Each packet‘s application is matched with the
application name specified here. In case of a match, the system marks the
packet.
Note: The Purview™ engine
recognizes 36 app-categories with 2406 canned applications. If the application you
are looking for is not in this list, use the application command to add the application to the list.
|
8021p <0-7> |
Marks packets matching the specified criteria with
802.1p priority value
- <0-7> – Specify a value from 0 - 7.
The IEEE 802.1p signaling standard enables marking of layer 2 network
traffic. Layer 2 network devices (such as switches), using 802.1p standards, group
traffic into classes based on their 802.1p priority value, which is appended to
the packet‘s MAC header. In case of traffic congestion, packets with higher
priority get precedence over lower priority packets and are forwarded
first.
|
dscp <0-63> |
Marks packets matching the specified criteria with DSCP
ToS code
- <0-63> – Specify a value from 0 - 63.
The DSCP protocol marks layer 3 network traffic. Layer 3 network devices
(such as routers) using DSCP, mark each layer 3 packet with a six-bit DSCP code,
which is appended to the packet‘s IP header. Each DSCP code is assigned a
corresponding level of service, enabling packet prioritization.
|
schedule <SCHEDULE-POLICY-NAME> |
Schedules an enforcement time for this mark rule by associating a schedule
policy with it. Use this parameter to apply rule-specific enforcement time.
- schedule
<SCHEDULE-POLICY-NAME> – Associates a schedule policy with this rule. When
associated, the rule is enforced only on the days and time configured in the
schedule policy. Without the association of a schedule policy, all rules within
an application policy are enforced concurrently (defined by the
purview-application-policy → enforcement-time command). If
scheduling a rule, ensure that the time configured in the schedule policy is a
subset of the application policy‘s enforcement time. In other words the
application policy should be active when the rule is being enforced. For
example, if the application policy is enforced on Mondays from 10:00 to 22:00
hours and the schedule policy time-rule is set for Fridays, then this rule will
never be hit. When enforcing rules at different times the best practice would be
to keep the application policy active at all time (i.e., retain the default
enforcement-time setting as ‘all‘).
- <SCHEDULE-POLICY-NAME> – Specify the policy name (should be existing
and configured). After applying a schedule policy, specify a precedence for
the rule.
In case of no schedule policy being applied, the rule is enforced as per the
enforcement-time configured in the application policy. For more information, see
enforcement-time.
|
precedence <1-256> |
Assigns a precedence value for this mark rule. The precedence value
differentiates between rules applicable to applications and the application
categories they belong. The allow, deny, mark, rate-limit options are mutually
exclusive. In other words, in an application policy, for a specific application or
application category, you can create either an allow rule, or a deny rule, or a mark
and rate-limit rule. |