[Contents] [Prev] [Next] [Index] [Report an Error]

Configuring Protocol Conditions with Ports (SRC CLI)

Use the following configuration statements to add general protocol conditions with ports to a classify-traffic condition:

policies group name list name rule name traffic-condition name protocol-port-condition {
protocol protocol ;
protocol-operation protocol-operation ;
ip-flags ip-flags ;
ip-flags-mask ip-flags-mask ;
fragment-offset fragment-offset;
packet-length packet-length ;
}
policies group name list name rule name traffic-condition name protocol-port-condition destination-port port {
port-operation port-operation ;
from-port from-port ;
}
policies group name list name rule name traffic-condition name protocol-port-condition source-port port {
port-operation port-operation ;
from-port from-port ;
}

To add general protocol conditions with ports to a classify-traffic condition:

  1. From configuration mode, enter the protocol port condition configuration. For example:
    user@host# edit policies group junos list bodVpn rule pr traffic-condition ctc protocol-port-condition
  2. Configure the protocol matched by this classify-traffic condition.
    [edit policies group junos list bodVpn rule pr traffic-condition ctc protocol-port-condition]
    user@host# set protocol protocol
  3. Configure the policy to match packets with the protocol that is either equal or not equal to the specified protocol.
    [edit policies group junos list bodVpn rule pr traffic-condition ctc protocol-port-condition]
    user@host# set protocol-operation protocol-operation
  4. (Optional) Configure the value of the IP flags field in the IP header.
    [edit policies group junos list bodVpn rule pr traffic-condition ctc protocol-port-condition]
    user@host# set ip-flags ip-flags
  5. (Optional) Configure the mask that is associated with the IP flag.
    [edit policies group junos list bodVpn rule pr traffic-condition ctc protocol-port-condition]
    user@host# set ip-flags-mask ip-flags-mask
  6. (Optional) Configure the value of the fragment offset field.
    [edit policies group junos list bodVpn rule pr traffic-condition ctc protocol-port-condition]
    user@host# set fragment-offset fragment-offset
  7. (Optional) Configure the packet length on which to match. The length refers only to the IP packet, including the packet header, and does not include any layer 2 encapsulation overhead.
    [edit policies group junos list bodVpn rule pr traffic-condition ctc protocol-port-condition
    user@host# set packet-length packet-length
  8. (Optional) Enter the destination port configuration for the protocol port configuration.
    [edit policies group junos list bodVpn rule pr traffic-condition ctc protocol-port-condition]
    user@host# edit destination-port
  9. (Optional) Configure the policy to match packets with a port that is either equal or not equal to the specified port.
    [edit policies group junos list bodVpn rule pr traffic-condition ctc protocol-port-condition destination-port port]
    user@host# set port-operation port-operation
  10. (Optional) Configure the destination port.
    [edit policies group junos list bodVpn rule pr traffic-condition ctc protocol-port-condition destination-port port]
    user@host# set from-port from-port
  11. (Optional) Enter the source port configuration for the protocol port configuration.
    user@host# up
    [edit policies group junos list bodVpn rule pr traffic-condition ctc protocol-port-condition]
    user@host# edit source-port
  12. (Optional) Configure the policy to match packets with a port that is either equal or not equal to the specified port.
    [edit policies group junos list bodVpn rule pr traffic-condition ctc protocol-port-condition source-port port]
    user@host# set port-operation port-operation
  13. (Optional) Configure the source port.
    [edit policies group junos list bodVpn rule pr traffic-condition ctc protocol-port-condition source-port port]
    user@host# set from-port from-port
    [edit policies group junos list bodVpn rule pr traffic-condition ctc protocol-port-condition source-port port]
    user@host# up
  14. (Optional) Verify your protocol condition configuration. 
    [edit policies group junos list bodVpn rule pr traffic-condition ctc protocol-port-condition]
user@host# show 
protocol 17;
protocol-operation 1;
ip-flags ipFlags;
ip-flags-mask ipFlagsMask;
fragment-offset ipFragOffset;
packet-length packetLength;
destination-port { 
  port { 
    port-operation eq;
    from-port service_port;
  }
}
source-port {
  port {
    port-operation eq;
    from-port service_port;
  }
}
    

    15. 



Related Topics




[Contents]
[Prev]
[Next]

[Index]

[Report an Error]










Copyright © 2009, Juniper Networks, Inc.
All rights reserved.
	Trademark Notice.