[Contents] [Prev] [Next] [Index] [Report an Error]

Creating and Attaching a Policy with IP Classifiers

In this example, a policy with a combination of IP classifiers is created and attached. The configuration conforms to the 128 bit limit.

  1. Match all TCP SYN packets from 1.1.1.1 to any DA with port 2000.
    host1(config)#ip classifier-list tcpCLACL tcp host 1.1.1.1 any eq 2000 tcp-flags "SYN"
  2. Match all IP packets with the don’t fragment flag set to host 2.2.2.2.
    host1(config)#ip classifier-list ipCLACL ip any host 2.2.2.2 ip-flags "dont-fragment"
  3. Match all ICMP echo packets.
    host1(config)#ip classifier-list icmpCLACL icmp any any 8 0
  4. Match all frames with the color red.
    host1(config)#ip classifier-list colorCLACL color red ip any any
  5. Create a policy list.
    host1(config)#ip policy-list ipPol
    host1(config-policy-list)#classifier-group colorCLACL
    host1(config-policy-list-classifier-group)#filter
    host1(config-policy-list-classifier-group)#classifier-group tcpCLACL
    host1(config-policy-list-classifier-group)#filter
    host1(config-policy-list-classifier-group)#classifier-group icmpCLACL
    host1(config-policy-list-classifier-group)#filter
    host1(config-policy-list-classifier-group)#classifier-group ipCLACL
    host1(config-policy-list-classifier-group)#filter
  6. Apply the policy list to an interface.
    host1(config)#interface atm 5/0.1
    host1(config-if)#ip policy input ipPol

    Table 19 lists the active classifiers in the policy named ipPol and the size of each classifier.

    Table 19: Classification Fields for Example 1

    Classifiers

    Size (Bits)

    Source address

    32

    Destination address

    32

    Destination port, ICMP type, ICMP code

    16

    Protocol

    8

    Color and TCP flags

    8

    TOS

    8

    IP flags

    8

    The total value of the classifiers requested in the ipPol policy is 112, which is less than 128 bit CAM entry size limit.

In this example, a policy with a combination of IP classifiers is created and attached. The configuration exceeds the 128 bit limit.

  1. Match all TCP packets from 1.1.1.1 port 10 to 2.2.2.2 port 20.
    host1(config)#ip classifier-list tcpCLACL tcp host 1.1.1.1 eq 10 host 2.2.2.2 eq 20
  2. Match all IP fragmentation offset equal to 1.
    host1(config)#ip classifier-list ipFragCLACL ip any any ip-frag-offset eq 1
  3. Match all frames with the color red.
    host1(config)#ip classifier-list colorCLACL color red traffic-class best-effort ip any any
  4. Match all frames with UPC 1.
    host1(config)#ip classifier-group upcCLACL user-packet-class 1 ip any any
  5. Create a policy list.
    host1(config)#ip policy-list ipPol
    host1(config-policy-list)#classifier-group colorCLACL
    host1(config-policy-list-classifier-group)#filter
    host1(config-policy-list-classifier-group)#classifier-group ipFragCLACL
    host1(config-policy-list-classifier-group)#filter
    host1(config-policy-list-classifier-group)#classifier-group igmpCLACL
    host1(config-policy-list-classifier-group)#forward
    host1(config-policy-list-classifier-group)#classifier-group lowDelayCLACL
    host1(config-policy-list-classifier-group)#traffic-class strict-priority
    host1(config-policy-list-classifier-group)#classifier-group tcpCLACL
    host1(config-policy-list-classifier-group)#forward
    host1(config-policy-list-classifier-group)#classifier-group *
    host1(config-policy-list-classifier-group)#filter
  6. Apply the policy list to an interface.
    host1(config)#interface atm 5/0.1
    host1(config-if)#ip policy input ipPol
    % too many classifier fields in policy

    Table 20 lists the active classifiers in the policy named ipPol and the size of each classifier.

    Table 20: Classification Fields for Example 2

    Classifiers

    Size (Bits)

    Source address

    32

    Source port

    16

    Destination port

    16

    Protocol

    8

    User packet class

    8

    Color

    8

    IP fragmentation

    8

    ToS

    8

    The configuration fails because the total value of the classifiers requested in the ipPol policy is 136, which is greater than 128 bit CAM entry size limit.

[Contents] [Prev] [Next] [Index] [Report an Error]

Copyright © 2008, Juniper Networks, Inc. All rights reserved. Trademark Notice.