
Configuring Protocol Conditions with Ports

Use the following configuration statements to add general protocol conditions with ports to a classify-traffic condition:

    policies group name list name rule name traffic-condition name protocol-port-condition {
      protocol protocol;
      protocol-operation protocol-operation;
      ip-flags ip-flags;
      ip-flags-mask ip-flags-mask;
      fragment-offset fragment-offset;
      packet-length packet-length;
    }
    policies group name list name rule name traffic-condition name protocol-port-condition destination-port port {
      port-operation port-operation;
      from-port from-port;
    }
    policies group name list name rule name traffic-condition name protocol-port-condition source-port port {
      port-operation port-operation;
      from-port from-port;
    }

To add general protocol conditions with ports to a classify-traffic condition:

  1. From configuration mode, enter the protocol port condition configuration. For example:
  2. Configure the protocol matched by this classify-traffic condition.
  3. Configure the policy to match packets with the protocol that is either equal or not equal to the specified protocol.
  4. (Optional) Configure the value of the IP flags field in the IP header.
  5. (Optional) Configure the mask that is associated with the IP flag.
  6. (Optional) Configure the value of the fragment offset field.
  7. (Optional) Configure the packet length on which to match. The length refers only to the IP packet, including the packet header, and does not include any layer 2 encapsulation overhead.
  8. (Optional) Enter the destination port configuration for the protocol port configuration.
  9. (Optional) Configure the policy to match packets with a port that is either equal or not equal to the specified port.
  10. (Optional) Configure the destination port.
  11. (Optional) Enter the source port configuration for the protocol port configuration.
  12. (Optional) Configure the policy to match packets with a port that is either equal or not equal to the specified port.
  13. (Optional) Configure the source port.
  14. (Optional) Verify your protocol condition configuration.
    [edit policies group junos list bodVpn rule pr traffic-condition ctc protocol-port-condition]
    user@host# show 
    protocol 17;
    protocol-operation 1;
    ip-flags ipFlags;
    ip-flags-mask ipFlagsMask;
    fragment-offset ipFragOffset;
    packet-length packetLength;
    destination-port { 
      port { 
        port-operation eq;
        from-port service_port;
      }
    }
    source-port {
      port {
        port-operation eq;
        from-port service_port;
      }
    }
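
The following Python sketch is an added illustration, not part of the SRC documentation or software: it models how the fields of a protocol-port-condition line up with IPv4 header fields, including the packet-length rule that excludes layer 2 overhead. The class and function names are hypothetical, the sample frame is constructed, and the value/mask comparison for ip-flags and the treatment of non-first fragments are assumptions.

```python
import struct
from dataclasses import dataclass
from typing import Optional

@dataclass
class ProtocolPortCondition:          # hypothetical model, not an SRC API
    protocol: int                     # IP protocol number, e.g. 17 = UDP
    protocol_equal: bool = True       # False models the "not equal" operation
    ip_flags: Optional[int] = None    # 3-bit IPv4 flags value (None = not checked)
    ip_flags_mask: int = 0b111        # assumed value/mask comparison
    fragment_offset: Optional[int] = None
    packet_length: Optional[int] = None
    dst_port: Optional[int] = None
    dst_port_equal: bool = True
    src_port: Optional[int] = None
    src_port_equal: bool = True

def build_frame(proto=17, sport=40000, dport=53, flags=0b010, frag=0, payload=b"test"):
    """Constructed sample: untagged Ethernet II + IPv4 + 8-byte L4 header + payload."""
    l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, (flags << 13) | frag,
                     64, proto, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return b"\x00" * 12 + b"\x08\x00" + ip + l4

def matches(cond: ProtocolPortCondition, frame: bytes) -> bool:
    ip = frame[14:]                                  # drop the layer 2 header
    ihl = (ip[0] & 0x0F) * 4                         # IPv4 header length in bytes
    total_len = struct.unpack("!H", ip[2:4])[0]
    flags_frag = struct.unpack("!H", ip[6:8])[0]
    flags, frag, proto = flags_frag >> 13, flags_frag & 0x1FFF, ip[9]
    if (proto == cond.protocol) != cond.protocol_equal:
        return False
    if cond.ip_flags is not None and (flags ^ cond.ip_flags) & cond.ip_flags_mask:
        return False                                 # masked flag bits differ
    if cond.fragment_offset is not None and frag != cond.fragment_offset:
        return False
    if cond.packet_length is not None and total_len != cond.packet_length:
        return False                                 # IP total length, not len(frame)
    if cond.src_port is None and cond.dst_port is None:
        return True
    if proto not in (6, 17) or frag != 0:
        return False                                 # no readable ports (modelling choice)
    sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
    if cond.src_port is not None and (sport == cond.src_port) != cond.src_port_equal:
        return False
    if cond.dst_port is not None and (dport == cond.dst_port) != cond.dst_port_equal:
        return False
    return True
```

In this model a condition on packet-length 32 matches the default sample frame, while the 46-byte length of the full Ethernet frame does not.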
    
    
