Configuring Protocol Conditions with Parameters

Use the following configuration statements to configure classify-traffic conditions that contain a parameter value for the protocol:

policies group name list name rule name traffic-condition name parameter-protocol-condition {
    protocol protocol;
    protocol-operation protocol-operation;
    tcp-flags tcp-flags;
    tcp-flags-mask tcp-flags-mask;
    spi spi;
    ip-flags ip-flags;
    ip-flags-mask ip-flags-mask;
    fragment-offset fragment-offset;
    packet-length packet-length;
}
policies group name list name rule name traffic-condition name parameter-protocol-condition proto-attr {
    icmp-type icmp-type;
    icmp-code icmp-code;
    igmp-type igmp-type;
}
policies group name list name rule name traffic-condition name parameter-protocol-condition proto-attr destination-port port {
    port-operation port-operation;
    from-port from-port;
}
policies group name list name rule name traffic-condition name parameter-protocol-condition proto-attr source-port port {
    port-operation port-operation;
    from-port from-port;
}

To configure a protocol condition that contains a parameter value for the protocol:

  1. From configuration mode, enter the parameter protocol condition configuration. For example:
  2. Assign a parameter as the protocol matched by this classify-traffic condition.

    Before you assign a parameter, you must create a parameter of type protocol and commit the parameter configuration.

  3. (Optional) Configure the policy to match packets with the protocol that is either equal or not equal to the specified protocol.
  4. (Optional) Configure the value of the TCP flags field in the IP header.
  5. (Optional) Configure the mask associated with TCP flags.
  6. (Optional) Specify the authentication header (AH) or the encapsulating security payload (ESP) security parameter index (SPI).
  7. (Optional) Configure the value of the IP flags field in the IP header.
  8. (Optional) Configure the mask that is associated with the IP flag.
  9. (Optional) Configure the value of the fragment offset field.
  10. (Optional) Configure the packet length on which to match. The length refers only to the IP packet, including the packet header, and does not include any layer 2 encapsulation overhead.
  11. (Optional) Enter the protocol attribute configuration.
  12. (Optional) Configure the ICMP packet type.
  13. (Optional) Configure the ICMP code.
  14. (Optional) Configure the IGMP packet type on which to match.
  15. (Optional) Enter the destination port configuration.
  16. (Optional) Configure the policy to match packets with a port that is either equal or not equal to the specified port.
  17. (Optional) Configure the TCP or UDP destination port.
  18. (Optional) Enter the source port configuration.
  19. (Optional) Configure the policy to match packets with a port that is either equal or not equal to the specified port.
  20. (Optional) Configure the TCP or UDP source port.
  21. (Optional) Verify the parameter protocol configuration.
    [edit policies group junose list dhcp rule forward-dhcp traffic-condition ctc parameter-protocol-condition]
    user@host# show 
    protocol protocol;
    protocol-operation is;
    tcp-flags 0;
    tcp-flags-mask 0;
    ip-flags 0;
    ip-flags-mask 0;
    proto-attr {
      icmp-type 255;
      icmp-code 255;
      destination-port {
        port {
          port-operation eq;
          from-port outsidePort;
        }
      }
    }
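
The following added example (not part of the SRC documentation or software) parses the verification output from step 21 and models how a flags value and mask pair constrains a match, which is useful when reviewing whether a condition is broader than intended. It assumes the common classifier convention that only bits set in the mask are compared; this page does not state the evaluation rule, and the function names are hypothetical.

```python
# Added example, not SRC code. The value/mask compare rule is an ASSUMPTION
# (the usual classifier convention); this page does not state it.
SHOW_OUTPUT = """\
protocol protocol;
protocol-operation is;
tcp-flags 0;
tcp-flags-mask 0;
ip-flags 0;
ip-flags-mask 0;
proto-attr {
  icmp-type 255;
  icmp-code 255;
  destination-port {
    port {
      port-operation eq;
      from-port outsidePort;
    }
  }
}
"""

def parse_show(text):
    """Turn brace-delimited 'show' output into nested dicts."""
    stack = [{}]
    for line in (raw.strip() for raw in text.splitlines()):
        if line.endswith("{"):
            child = {}
            stack[-1][line[:-1].strip()] = child
            stack.append(child)
        elif line == "}":
            if len(stack) == 1:
                raise ValueError("unbalanced '}'")
            stack.pop()
        elif line:
            key, _, value = line.rstrip(";").partition(" ")
            stack[-1][key] = value.strip()
    if len(stack) != 1:
        raise ValueError("unclosed '{'")
    return stack[0]

def flags_match(cond, field, observed):
    # Assumed rule: only the bits set in <field>-mask are compared.
    value = int(cond.get(field, "0"), 0)
    mask = int(cond.get(field + "-mask", "0"), 0)
    return (observed & mask) == (value & mask)

def ignored_flag_fields(cond):
    # Flag fields whose mask is 0 constrain nothing under the assumed rule.
    return [f for f in ("tcp-flags", "ip-flags") if int(cond.get(f + "-mask", "0"), 0) == 0]
```

Under the assumed rule, the configuration shown in step 21 places no constraint on TCP or IP flags because both masks are 0.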
    
    
