mark |
Creates a mark rule and configures the match criteria.
When applied, the rule marks packets that match the criteria configured here with
an 802.1p priority value or a DSCP code. The match criteria options are app-category and
application. |
app-category [<APP-CATEGORY-NAME>|all] |
Uses application category as the match criteria
- <APP-CATEGORY-NAME> – Specify the application category. The options are:
antivirus\ update, audio, business, conference, custom, database, file transfer,
gaming, generic, im, mail, mobile, network\ management, other, p2p,
remote_control, social\ networking, standard, streaming, tunnel, video, voip,
and web. Each packet's app-category is matched against the value specified here. If
they match, the system marks the packet.
- all – The system marks all packets irrespective of the application
category.
|
application <APPLICATION-NAME> |
Uses application name as the match criteria
- <APPLICATION-NAME> – Specify the application name.
Each packet's application is matched against the application
name specified here. If they match, the system marks
the packet.
The WiNG database provides approximately 309 canned
applications. In addition to these, the database includes
custom-made applications. These are application definitions
created using the application command.
|
8021p <0-7> |
Marks packets matching the specified criteria with
an 802.1p priority value
- <0-7> – Specify a value from 0 - 7.
The IEEE 802.1p signaling standard enables marking of layer 2 network
traffic. Layer 2 network devices (such as switches), using 802.1p standards, group
traffic into classes based on their 802.1p priority value, which is appended to
the packet's MAC header. In case of traffic congestion, packets with higher
priority get precedence over lower priority packets and are forwarded
first.
|
dscp <0-63> |
Marks packets matching the specified criteria with a DSCP
ToS code
- <0-63> – Specify a value from 0 - 63.
The DSCP protocol marks layer 3 network traffic. Layer 3 network devices
(such as routers), using DSCP, mark each layer 3 packet with a six-bit DSCP code,
which is appended to the packet's IP header. Each DSCP code is assigned a
corresponding level of service, enabling packet prioritization.
|
schedule <SCHEDULE-POLICY-NAME> |
Schedules an enforcement time for this mark rule by
associating a schedule policy with it. Use this parameter to
apply rule-specific enforcement time.
- schedule <SCHEDULE-POLICY-NAME> – Associates a schedule policy
with the rule. When associated, the rule is enforced only on
the days and times configured in the schedule policy. Without
the association of a schedule policy, all rules within an
application policy are enforced concurrently (defined by the
application-policy > enforcement-time command). If
scheduling a rule, ensure that the time configured in the
schedule policy is a subset of the application policy's
enforcement time. In other words, the application policy
should be active when the rule is being enforced. For
example, if the application policy is enforced on Mondays
from 10:00 to 22:00 hours and the schedule policy time-rule
is set for Fridays, then this rule will never be hit. When
enforcing rules at different times, the best practice is
to keep the application policy active at all times (i.e.,
retain the default enforcement-time setting of 'all').
- <SCHEDULE-POLICY-NAME> – Specify the policy name
(should be existing and configured). After applying a
schedule policy, specify a precedence for the rule.
If no schedule policy is applied, the rule is
enforced as per the enforcement-time configured in the
application policy. For more information, see enforcement-time.
|
precedence <1-256> |
Assigns a precedence value for this mark rule. The
precedence value differentiates between rules applicable to applications and the
application categories they belong to. The allow, deny, mark, and rate-limit options are
mutually exclusive. In other words, in an application policy, for a specific
application or application category, you can create either an allow rule, or a deny
rule, or a mark and rate-limit rule.
Consider the application youtube, which belongs to app-category streaming.
The action required is: Allow youtube packets and deny all other applications
belonging to app-category streaming.
The rules can be defined as:
#allow application youtube precedence 1
#deny app-category streaming precedence 2
The following configuration is incorrect:
#deny app-category streaming precedence 1
#allow application youtube precedence 2
Once the deny app-category streaming precedence 1 rule is hit, all streaming packets,
including youtube, are dropped. Consequently, there are no packets left to which
the subsequent allow rule can apply.
The mark and rate-limit rules are the only two
actions that can be combined for a specific application or application category
type.
|
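The precedence pitfall described above can be caught before a policy is committed. The following is an added example, not part of the WiNG software or its documentation: a small Python check that reads rule lines in the form shown in this table and reports application rules that can never be hit. The application-to-category map and the helper names `parse_rule` and `find_shadowed` are hypothetical, and the check assumes allow and deny stop evaluation on the first rule hit, as the page describes for deny.

```python
import re

# Constructed application -> app-category map; only youtube/streaming comes
# from the page, the other entry is a made-up sample.
APP_CATEGORY = {"youtube": "streaming", "skype": "voip"}

# Names may contain escaped spaces, e.g. social\ networking.
RULE_RE = re.compile(
    r"^(allow|deny|mark|rate-limit)\s+"
    r"(app-category|application)\s+((?:\\ |\S)+)"
    r".*?\bprecedence\s+(\d+)\s*$"
)

def parse_rule(line):
    """Parse one application-policy rule line into a dict."""
    m = RULE_RE.match(line.strip().lstrip("#").strip())
    if not m:
        raise ValueError(f"unrecognised rule: {line!r}")
    action, kind, name, prec = m.groups()
    prec = int(prec)
    if not 1 <= prec <= 256:
        raise ValueError(f"precedence out of range 1-256: {line!r}")
    return {"action": action, "kind": kind,
            "name": name.replace("\\ ", " "), "precedence": prec}

def find_shadowed(lines, app_category=APP_CATEGORY):
    """Return (shadowed, shadowing) rule pairs, evaluated in precedence order.

    Assumption: allow and deny end evaluation on the first rule hit, as the
    page describes for deny; mark and rate-limit are not treated as terminal.
    """
    rules = sorted((parse_rule(l) for l in lines),
                   key=lambda r: r["precedence"])
    findings = []
    for i, later in enumerate(rules):
        if later["kind"] != "application":
            continue
        category = app_category.get(later["name"])
        for earlier in rules[:i]:
            if (earlier["kind"] == "app-category"
                    and earlier["action"] in ("allow", "deny")
                    and earlier["name"] in (category, "all")):
                findings.append((later, earlier))
                break
    return findings
```

Running `find_shadowed` over the incorrect configuration above returns the youtube allow rule paired with the streaming deny rule that shadows it; the correct ordering returns an empty list.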