Configuring Protocol Conditions (SRC CLI)

The procedure in this sections shows how to configure general protocol conditions.

If your condition includes port numbers, use the procedure in Configuring Protocol Conditions with Ports (SRC CLI).

If your condition consists of a protocol that is assigned with a parameter value, use the procedure in Configuring Protocol Conditions with Parameters (SRC CLI).

Use the following configuration statements to add general protocol conditions to a classify-traffic condition:


            
               policies group  name  list  name  rule  name  traffic-condition  name  protocol-condition
                  {
               
               protocol  protocol ; 
               
               protocol-operation  protocol-operation ; 
               
               ip-flags  ip-flags ; 
               
               ip-flags-mask  ip-flags-mask ; 
               
               fragment-offset  fragment-offset ; 
               
               packet-length  packet-length ; 
               
               }

To add general protocol conditions to a classify-traffic condition:

From configuration mode, enter the general protocol condition configuration. For example:


                  
                     user@host# edit policies group dhcp list in
                           rule forward-dhcp traffic-condition  client-dhcp
                           protocol-condition

Configure the protocol matched by this classify-traffic condition.


                  
                     [edit policies group dhcp list in rule forward-dhcp traffic-condition
                        client-dhcp protocol-condition]
                     
                     user@host# set protocol  protocol

Configure the policy to match packets with the protocol that is either equal or not equal to the specified protocol.


                  
                     [edit policies group dhcp list in rule forward-dhcp traffic-condition
                        client-dhcp protocol-condition]
                     
                     user@host# set protocol-operation  protocol-operation

(Optional) Configure the value of the IP flags field in the IP header.


                  
                     [edit policies group dhcp list in rule forward-dhcp traffic-condition
                        client-dhcp protocol-condition]
                     
                     user@host# set ip-flags  ip-flags

(Optional) Configure the mask that is associated with the IP flag.


                  
                     [edit policies group dhcp list in rule forward-dhcp traffic-condition
                        client-dhcp protocol-condition]
                     
                     user@host# set ip-flags-mask  ip-flags-mask

(Optional) Configure the value of the fragment offset field.


                  
                     [edit policies group dhcp list in rule forward-dhcp traffic-condition
                        client-dhcp protocol-condition]
                     
                     user@host# set fragment-offset  fragment-offset

(Optional) Configure the packet length on which to match. The length refers only to the IP packet, including the packet header, and does not include any layer 2 encapsulation overhead.


                  
                     [edit policies group dhcp list in rule forward-dhcp traffic-condition
                        client-dhcp protocol-condition]
                     
                     user@host# set packet-length  packet-length

(Optional) Verify your protocol condition configuration.

[edit policies group dhcp list in rule forward-dhcp traffic-condition client-dhcp protocol-condition]
user@host# show 
protocol 0;
protocol-operation 1;
ip-flags 0;
ip-flags-mask 0;
fragment-offset any;

Configuring Protocol Conditions (SRC CLI)

Related Topics