Creating and Attaching a Policy with IP Classifiers

In this example, a policy with a combination of IP classifiers is created and attached. The configuration conforms to the 128 bit limit.

  1. Match all TCP SYN packets from 1.1.1.1 to any DA with port 2000.
    host1(config)#ip classifier-list tcpCLACL tcp host 1.1.1.1 any eq 2000 tcp-flags "SYN"
  2. Match all IP packets with the don’t fragment flag set to host 2.2.2.2.
    host1(config)#ip classifier-list ipCLACL ip any host 2.2.2.2 ip-flags "dont-fragment"
  3. Match all ICMP echo packets.
    host1(config)#ip classifier-list icmpCLACL icmp any any 8 0
  4. Match all frames with the color red.
    host1(config)#ip classifier-list colorCLACL color red ip any any
  5. Create a policy list.
    host1(config)#ip policy-list ipPolhost1(config-policy-list)#classifier-group colorCLACLhost1(config-policy-list-classifier-group)#filterhost1(config-policy-list-classifier-group)#classifier-group tcpCLACLhost1(config-policy-list-classifier-group)#filterhost1(config-policy-list-classifier-group)#classifier-group icmpCLACLhost1(config-policy-list-classifier-group)#filterhost1(config-policy-list-classifier-group)#classifier-group ipCLAChost1(config-policy-list-classifier-group)#filter
  6. Apply the policy list to an interface.
    host1(config)#interface atm 5/0/0.1 host1(config-if)#ip policy input ipPol

    Table 24 lists the active classifiers in the policy named ipPol and the size of each classifier.

    Table 24: Classification Fields for Example 1

    Classifiers

    Size (Bits)

    Source address

    32

    Destination address

    32

    Destination port, ICMP type, ICMP code

    16

    Protocol

    8

    Color and TCP flags

    8

    TOS

    8

    IP flags

    8

    The total value of the classifiers requested in the ipPol policy is 112, which is less than 128 bit CAM entry size limit.

In this example, a policy with a combination of IP classifiers is created and attached. The configuration exceeds the 128 bit limit.

  1. Match all TCP packets from 1.1.1.1 port 10 to 2.2.2.2 port 20.
    host1(config)#ip classifier-list tcpCLACL tcp host 1.1.1.1 eq 10 host 2.2.2.2 eq 20
  2. Match all IP fragmentation offset equal to 1.
    host1(config)#ip classifier-list ipFragCLACL ip any any ip-frag-offset eq 1
  3. Match all frames with the color red.
    host1(config)#ip classifier-list colorCLACL color red traffic-class best-effort ip any any
  4. Match all frames with UPC 1.
    host1(config)#ip classifier-group upcCLACL user-packet-class 1 ip any any
  5. Create a policy list.
    host1(config)#ip policy-list ipPol host1(config-policy-list)#classifier-group colorCLACL host1(config-policy-list-classifier-group)#filter host1(config-policy-list-classifier-group)#classifier-group ipFragCLACL host1(config-policy-list-classifier-group)#filter host1(config-policy-list-classifier-group)#classifier-group igmpCLACL host1(config-policy-list-classifier-group)#forward host1(config-policy-list-classifier-group)#classifier-group lowDelayCLACL host1(config-policy-list-classifier-group)#traffic-class strict-priority host1(config-policy-list-classifier-group)#classifier-group tcpCLACL host1(config-policy-list-classifier-group)#forward host1(config-policy-list-classifier-group)#classifier-group * host1(config-policy-list-classifier-group)#filter
  6. Apply the policy list to an interface.
    host1(config)#interface atm 5/0/0.1 host1(config-if)#ip policy input ipPol % too many classifier fields in policy

    Table 25 lists the active classifiers in the policy named ipPol and the size of each classifier.

    Table 25: Classification Fields for Example 2

    Classifiers

    Size (Bits)

    Source address

    32

    Source port

    16

    Destination port

    16

    Protocol

    8

    User packet class

    8

    Color

    8

    IP fragmentation

    8

    ToS

    8

    The configuration fails because the total value of the classifiers requested in the ipPol policy is 136, which is greater than 128 bit CAM entry size limit.

Related Documentation