Configuring Protocol Conditions with Ports (SRC CLI)

Use the following configuration statements to add general protocol conditions with ports to a classify-traffic condition:

To add general protocol conditions with ports to a classify-traffic condition:

1. From configuration mode, enter the protocol port condition configuration. For example:
   user@host# edit policies group junos list bodVpn rule pr traffic-condition ctc protocol-port-condition
2. Configure the protocol matched by this classify-traffic condition.
   [edit policies group junos list bodVpn rule pr traffic-condition ctc protocol-port-condition]user@host# set protocol protocol
3. Configure the policy to match packets with the protocol that is either equal or not equal to the specified protocol.
   [edit policies group junos list bodVpn rule pr traffic-condition ctc protocol-port-condition]user@host# set protocol-operation protocol-operation
4. (Optional) Configure the value of the IP flags field in the IP header.
   [edit policies group junos list bodVpn rule pr traffic-condition ctc protocol-port-condition]user@host# set ip-flags ip-flags
5. (Optional) Configure the mask that is associated with the IP flag.
   [edit policies group junos list bodVpn rule pr traffic-condition ctc protocol-port-condition]user@host# set ip-flags-mask ip-flags-mask
6. (Optional) Configure the value of the fragment offset field.
   [edit policies group junos list bodVpn rule pr traffic-condition ctc protocol-port-condition]user@host# set fragment-offset fragment-offset
7. (Optional) Configure the packet length on which to match. The length refers only to the IP packet, including the packet header, and does not include any layer 2 encapsulation overhead.
   [edit policies group junos list bodVpn rule pr traffic-condition ctc protocol-port-conditionuser@host# set packet-length packet-length
8. (Optional) Enter the destination port configuration for the protocol port configuration.
   [edit policies group junos list bodVpn rule pr traffic-condition ctc protocol-port-condition]user@host# edit destination-port
9. (Optional) Configure the policy to match packets with a port that is either equal or not equal to the specified port.
   [edit policies group junos list bodVpn rule pr traffic-condition ctc protocol-port-condition destination-port port]user@host# set port-operation port-operation
10. (Optional) Configure the destination port.
    [edit policies group junos list bodVpn rule pr traffic-condition ctc protocol-port-condition destination-port port]user@host# set from-port from-port
11. (Optional) Enter the source port configuration for the protocol port configuration.
    user@host# up [edit policies group junos list bodVpn rule pr traffic-condition ctc protocol-port-condition]user@host# edit source-port
12. (Optional) Configure the policy to match packets with a port that is either equal or not equal to the specified port.
    [edit policies group junos list bodVpn rule pr traffic-condition ctc protocol-port-condition source-port port]user@host# set port-operation port-operation
13. (Optional) Configure the source port.
    [edit policies group junos list bodVpn rule pr traffic-condition ctc protocol-port-condition source-port port]user@host# set from-port from-port [edit policies group junos list bodVpn rule pr traffic-condition ctc protocol-port-condition source-port port]user@host# up
14. (Optional) Verify your protocol condition configuration.

    [edit policies group junos list bodVpn rule pr traffic-condition ctc protocol-port-condition]
    user@host# show 
    protocol 17;
    protocol-operation 1;
    ip-flags ipFlags;
    ip-flags-mask ipFlagsMask;
    fragment-offset ipFragOffset;
    packet-length packetLength;
    destination-port { 
      port { 
        port-operation eq;
        from-port service_port;
      }
    }
    source-port {
      port {
        port-operation eq;
        from-port service_port;
      }
    }