[Contents] [Prev] [Next] [Index] [Report an Error]

Configuring Protocol Conditions (SRC CLI)

The procedure in this sections shows how to configure general protocol conditions.

Use the following configuration statements to add general protocol conditions to a classify-traffic condition:

policies group name list name rule name traffic-condition name protocol-condition {
protocol protocol ;
protocol-operation protocol-operation ;
ip-flags ip-flags ;
ip-flags-mask ip-flags-mask ;
fragment-offset fragment-offset ;
packet-length packet-length ;
}

To add general protocol conditions to a classify-traffic condition:

  1. From configuration mode, enter the general protocol condition configuration. For example:
    user@host# edit policies group dhcp list in rule forward-dhcp traffic-condition client-dhcp protocol-condition
  2. Configure the protocol matched by this classify-traffic condition.
    [edit policies group dhcp list in rule forward-dhcp traffic-condition client-dhcp protocol-condition]
    user@host# set protocol protocol
  3. Configure the policy to match packets with the protocol that is either equal or not equal to the specified protocol.
    [edit policies group dhcp list in rule forward-dhcp traffic-condition client-dhcp protocol-condition]
    user@host# set protocol-operation protocol-operation
  4. (Optional) Configure the value of the IP flags field in the IP header.
    [edit policies group dhcp list in rule forward-dhcp traffic-condition client-dhcp protocol-condition]
    user@host# set ip-flags ip-flags
  5. (Optional) Configure the mask that is associated with the IP flag.
    [edit policies group dhcp list in rule forward-dhcp traffic-condition client-dhcp protocol-condition]
    user@host# set ip-flags-mask ip-flags-mask
  6. (Optional) Configure the value of the fragment offset field.
    [edit policies group dhcp list in rule forward-dhcp traffic-condition client-dhcp protocol-condition]
    user@host# set fragment-offset fragment-offset
  7. (Optional) Configure the packet length on which to match. The length refers only to the IP packet, including the packet header, and does not include any layer 2 encapsulation overhead.
    [edit policies group dhcp list in rule forward-dhcp traffic-condition client-dhcp protocol-condition]
    user@host# set packet-length packet-length
  8. (Optional) Verify your protocol condition configuration. 
    [edit policies group dhcp list in rule forward-dhcp traffic-condition client-dhcp protocol-condition]
user@host# show 
protocol 0;
protocol-operation 1;
ip-flags 0;
ip-flags-mask 0;
fragment-offset any;
    

    9. 



Related Topics




[Contents]
[Prev]
[Next]

[Index]

[Report an Error]










Copyright © 2009, Juniper Networks, Inc.
All rights reserved.
	Trademark Notice.