[Contents] [Prev] [Next] [Index] [Report an Error]

Configuring TCP Conditions

Use the following configuration statements to add TCP conditions to a classify-traffic condition:

policies group name list name rule name traffic-condition name tcp-condition {
tcp-flags tcp-flags ;
tcp-flags-mask tcp-flags-mask ;
protocol protocol ;
protocol-operation protocol-operation ;
ip-flags ip-flags ;
ip-flags-mask ip-flags-mask ;
fragment-offset fragment-offset ;
packet-length packet-length ;
}

Because the protocol is already set to TCP, do not change the protocol or protocol-operation options.

policies group name list name rule name traffic-condition name tcp-condition destination-port port {
port-operation port-operation ;
from-port from-port ;
}
policies group name list name rule name traffic-condition name tcp-condition source-port port {
port-operation port-operation ;
from-port from-port ;
}

To add TCP conditions to a classify-traffic condition:

  1. From configuration mode, enter the TCP configuration. For example:
  2. (Optional) Configure the value of the TCP flags field in the IP header.
  3. (Optional) Configure the mask associated with TCP flags.
  4. (Optional) Configure the value of the IP flags field in the IP header.
  5. (Optional) Configure the mask that is associated with the IP flag.
  6. (Optional) Configure the value of the fragment offset field.
  7. (Optional) For JUNOS filter policies, configure the packet length on which to match. The length refers only to the IP packet, including the packet header, and does not include any layer 2 encapsulation overhead.
  8. (Optional) Enter the destination port configuration for the TCP configuration.
  9. (Optional) Configure the policy to match packets with a port that is either equal or not equal to the specified port.
  10. (Optional) Configure the destination port.
  11. (Optional) Enter the source port configuration for the TCP configuration.
  12. (Optional) Configure the policy to match packets with a port that is either equal or not equal to the specified port.
  13. (Optional) Configure the source port.
  14. (Optional) Verify the TCP condition configuration. 
    [edit policies group junos list tcpCondition rule pr traffic-condition ctc tcp-condition]
user@host# show 
tcp-flags 0;
tcp-flags-mask 0;
protocol tcp;
protocol-operation is;
ip-flags 0;
ip-flags-mask 0;
destination-port {
  port {
    port-operation eq;
    from-port service_port;
  }
}
source-port { 
  port { 
    port-operation eq;
    from-port service_port;
  }
}
    

    15. 



Related Topics




[Contents]
[Prev]
[Next]

[Index]

[Report an Error]










Copyright © 2008, Juniper Networks, Inc.
All Rights Reserved.
	Trademark Notice.