configure policy rule

configure policy rule profile_index [ether ether | ip6dest ip6dest | ip6source ip6source | ipdestsocket ipdestsocket | ipfrag | ipproto ipproto | ipsourcesocket ipsourcesocket | iptos iptos | ipttl ipttl | macdest macdest | macsource macsource | port port | tcpdestportIP tcpdestportIP | tcpsourceportIP tcpsourceportIP | udpdestportIP udpdestportIP | udpsourceportIP udpsourceportIP] {mask mask} {port-string [port_string | all]} {storage-type [non-volatile | volatile]} {drop | forward} {cos cos}

Description

Use this command to assign incoming untagged frames to a specific policy profile and to VLAN or Class-of-Service classification rules.

Syntax Description

port Port string.
port Port string - (data: 1; mask: 16).
macdest MAC destination address.
macdest MAC destination address - (data: a-b-c-d-e-f; mask: 1-48).
ip6dest IPv6 address.
ip6dest IPv6 address (data: aaaa::bbbb; mask 1-128).
ipsourcesocket Source IP address / Source IpSocket (a.b.c.d / a.b.c.d:0-65535).
ipsourcesocket Source IP address (data: a.b.c.d; mask: 1-32).
ipdestsocket Destination IP address / Destination IpSocket (a.b.c.d / a.b.c.d:0-65535).
ipdestsocket Destination IP address (data: a.b.c.d; mask: 1-32).
ipfrag IP fragmentation flag.
tcpdestportIP TCP port dst with optional post-fix IPv4 address.
tcpdestportIP TCP port dst with optional post-fix IPv4 address - (data: ab[:c.d.e.f]); mask: 1-48.
udpdestportIP UDP port dst with optional post-fix IPv4 address.
udpdestportIP UDP port dst with optional post-fix IPv4 address - (data: ab[:c.d.e.f]); mask: 1-48.
tcpsourceportIP TCP port src with optional post-fix IPv4 address.
tcpsourceportIP TCP port src with optional post-fix IPv4 address - (data: ab[:c.d.e.f]); mask: 1-48.
udpsourceportIP UDP port src with optional post-fix IPv4 address.
udpsourceportIP UDP port src with optional post-fix IPv4 address - (data: ab[:c.d.e.f]); mask: 1-48.
ipttl IP time to live.
ipttl IP time to live - (data: 0-255).
iptos IPv4 type of service / IPv6 traffic class field.
iptos IPv4 type of service / IPv6 traffic class field - (data: 0-255; mask: 1-8).
ipproto Protocol field in IP packet.
ipproto Protocol field in IP packet - (data: 0-255 or 0-0xFF; mask: 1-8).
ether Type field in Ethernet II packet.
ether Type field in Ethernet II packet - (data: 0-65535 or 0x0-0xFFFF; mask: 1-16).
cos Class of Service [0-255], or -1 if no CoS or forwarding behavior modification is desired.

Default

  • If mask is not specified, all data bits will be considered relevant.
  • If port-string is not specified, rule will be scoped to all ports.

Usage Guidelines

Classification rules are automatically enabled when created.

Example

This example shows how to create (and enable) a classification rule to associate with policy profile number 1. This rule will drop Ethernet II Type 1526 frames:

configure policy rule 1 ether 1526 drop

This example shows how to create (and enable) a classification rule to associate with policy profile number 5. This rule specifies that UDP frames from source port 45 will be forwarded:

configure policy rule 5 udpsourceportip 45 forward
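
The data and mask ranges in the Syntax Description can be checked before a rule is pushed to a switch. The following Python sketch is an added example, not part of the ExtremeXOS documentation: it parses rule lines for the numeric classifiers ether, ipproto and iptos, applies the default-mask behavior, and reports the range of field values a rule covers. It assumes that mask is the number of significant leading bits; parse_rule, covered_range and matches are hypothetical helper names.

```python
# Added example: lint "configure policy rule" lines before they reach a switch.
# Bit widths come from the mask ranges in the Syntax Description.
WIDTHS = {"ether": 16, "ipproto": 8, "iptos": 8}  # numeric classifiers only
ACTIONS = ("drop", "forward")


def parse_rule(line):
    """Parse: configure policy rule <profile> <type> <data> {mask N} {drop|forward}."""
    tok = line.split()
    if len(tok) < 6 or tok[:3] != ["configure", "policy", "rule"]:
        raise ValueError("not a 'configure policy rule' command")
    profile, ctype = int(tok[3]), tok[4].lower()
    if ctype not in WIDTHS:
        raise ValueError(f"classifier {ctype!r} is not handled by this sketch")
    width = WIDTHS[ctype]
    data = int(tok[5], 0)  # accepts decimal or 0x-prefixed hex
    if not 0 <= data < (1 << width):
        raise ValueError(f"{ctype} data {data} is outside 0-{(1 << width) - 1}")
    rest = tok[6:]
    mask = width  # page default: with no mask, all data bits are relevant
    if len(rest) >= 2 and rest[0] == "mask":
        mask, rest = int(rest[1]), rest[2:]
        if not 1 <= mask <= width:
            raise ValueError(f"{ctype} mask {mask} is outside 1-{width}")
    if len(rest) > 1 or (rest and rest[0] not in ACTIONS):
        raise ValueError(f"repeated action or option not handled here: {rest}")
    action = rest[0] if rest else None
    return {"profile": profile, "type": ctype, "data": data,
            "mask": mask, "width": width, "action": action}


def covered_range(rule):
    """Lowest and highest field value the rule matches.

    Assumption: mask is the count of significant leading bits.
    """
    free = rule["width"] - rule["mask"]
    low = (rule["data"] >> free) << free
    return low, low | ((1 << free) - 1)


def matches(rule, value):
    """True if a frame's field value falls inside the rule's covered range."""
    low, high = covered_range(rule)
    return low <= value <= high


if __name__ == "__main__":
    for cmd in ("configure policy rule 1 ether 1526 drop",            # from the page
                "configure policy rule 1 ether 0x0800 mask 8 drop"):  # constructed
        print(cmd, "->", [hex(v) for v in covered_range(parse_rule(cmd))])
```

A rule whose covered range is wider than intended is the thing to look for when reviewing forward rules, since a short mask silently widens what the rule admits.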

History

This command was first available in ExtremeXOS 16.1.

Platform Availability

This command is available on all platforms.