Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Configuring PTSP Classify-Traffic Conditions (SRC CLI)

    Before you configure PTSP classify-traffic conditions, review the following topics:

    Topics that discuss configuring PTSP classify-traffic conditions include:

    Creating PTSP Classify-Traffic Conditions (SRC CLI)

    You create classify-traffic conditions within policy rules. Use the following configuration statements to create a classify-traffic condition:

    policies group name list name rule name traffic-condition name {match-direction match-direction; description description;}

    To add a classify-traffic condition:

    1. From configuration mode, create a classify-traffic condition inside a policy rule that has already been created and configured. For example, to create a traffic-condition called condition1 within policy rule rule1:
      user@host# edit policies group group1 list list1 rule rule1 traffic-condition condition1
    2. (Optional) Specify the direction of the packet flow on which you want to match packets.
      [edit policies group group1 list list1 rule rule1 traffic-condition condition1]user@host# set match-direction match-direction

      Set to one of the following values:

      • input
      • output
      • both
      • Parameter of type matchDirection
    3. (Optional) Provide a description of the classify-traffic condition.
      [edit policies group group1 list list1 rule rule1 traffic-condition condition1]user@host# set description description
    4. (Optional) Verify your PTSP classify-traffic condition configuration.
      [edit policies group group1 list list1 rule rule1 traffic-condition condition1]
      user@host# show 
      match-direction output;
      description "Destination classifier";

    Configuring Destination Networks for PTSP Classify-Traffic Conditions (SRC CLI)

    Use the following configuration statements to add destination networks to a PTSP classify-traffic condition:

    policies group name list name rule name traffic-condition name destination-network network {ip-address ip-address; ip-mask ip-mask; }

    To add a destination network to a PTSP classify-traffic condition:

    1. From configuration mode, enter the destination network within a classify-traffic condition. For example:
      user@host# edit policies group group1 list list1 rule rule1 traffic-condition condition1 destination-network network
    2. (Optional) Specify the IP address of the destination network or host.
      [edit policies group group1 list list1 rule rule1 traffic-condition condition1 destination-network network]user@host# set ip-address ip-address

      Where ip-address is one of the following values:

      • IP address
      • Predefined global parameter:
        • gateway_ipAddress—IP address of the gateway as specified by the service object.
        • interface_ipAddress—IP address of the router interface.
        • service_ipAddress—IP address of the service as specified by the service object.
        • user_ipAddress—IP address of the subscriber.
        • virtual_ipAddress—Virtual portal address of the SAE that is used in redundant redirect server installations.
      • Parameter of type address
    3. (Optional) Configure the IP mask of the destination network or host.
      [edit policies group group1 list list1 rule rule1 traffic-condition condition1 destination-network network]user@host# set ip-mask ip-mask

      Where ip-mask is one of the following values:

      • IP address mask
      • Predefined global parameter:
        • interface_ ipMask—IP mask of the router interface.
        • service_ ipMask—IP mask of the service as specified by the service object.
        • user_ ipMask—IP mask of the subscriber.
      • Parameter of type address.
    4. (Optional) Verify your destination network configuration.
      [edit policies group group1 list list1 rule rule1 traffic-condition condition1 destination-network network]
      user@host# show 
      ip-address interface_ipAddress;
      ip-mask interface_ipMask;
      

    Configuring Destination Grouped Networks for PTSP Classify-Traffic Conditions (SRC CLI)

    Use the following configuration statements to add destination networks in a grouped format to a classify-traffic condition:

    policies group name list name rule name traffic-condition name destination-network group-network {network-specifier network-specifier; }

    To add a grouped destination network to a classify-traffic condition:

    1. From configuration mode, enter the destination network within a classify-traffic condition. For example:
      user@host# edit policies group group1 list list1 rule rule1 traffic-condition condition1 destination-network group-network
    2. (Optional) Configure the IP address of the destination network or host.

      [edit policies group group1 list list1 rule rule1 traffic-condition condition1 destination-network group-network]user@host# set network-specifier network-specifier
    3. (Optional) Verify your destination network configuration.
      [edit policies group group1 list list1 rule rule1 traffic-condition condition1 destination-network group-network] 
      user@host# show 
      network-specifier any;

    Configuring Protocol Conditions for PTSP Classify-Traffic Conditions (SRC CLI)

    The procedure in this topic shows how to configure protocol conditions that do not include port conditions.

    Use the following configuration statements to add general protocol conditions to a PTSP classify-traffic condition:

    policies group name list name rule name traffic-condition name protocol-condition {protocol protocol; }

    To add general protocol conditions to a classify-traffic condition:

    1. From configuration mode, enter the general protocol condition configuration. For example:
      user@host# edit policies group group1 list list1 rule rule1 traffic-condition condition1 protocol-condition
    2. Configure the protocol matched by this classify-traffic condition.
      [edit policies group group1 list list1 rule rule1 traffic-condition condition1 protocol-condition]user@host# set protocol protocol

      Enter the protocol matched by this classifier list, one of the following values:

      • Predefined global parameter—Use a ? at the command line to see a list of valid protocols.
      • Protocol number in the range 0–255.
      • String expression.
      • Parameter of type protocol.
    3. (Optional) Verify your protocol condition configuration.
      [edit policies group group1 list list1 rule rule1 traffic-condition condition1 protocol-condition]
      user@host# show 
      protocol 0;
      

    Configuring Protocol Conditions with Ports for PTSP Classify-Traffic Conditions (SRC CLI)

    Use the following configuration statements to add general protocol conditions with ports to a PTSP classify-traffic condition:

    policies group name list name rule name traffic-condition name protocol-port-condition {protocol protocol; }
    policies group name list name rule name traffic-condition name protocol-port-condition destination-port port {from-port from-port; }
    policies group name list name rule name traffic-condition name protocol-port-condition source-port port {from-port from-port; }

    To add general protocol conditions with ports to a PTSP classify-traffic condition:

    1. From configuration mode, enter the protocol port condition configuration. For example:
      user@host# edit policies group group1 list list1 rule rule1 traffic-condition condition1 protocol-port-condition
    2. Configure the protocol matched by this classify-traffic condition.
      [edit policies group group1 list list1 rule rule1 traffic-condition condition1 protocol-port-condition]user@host# set protocol protocol

      UDP is the only valid value for PTSP.

    3. (Optional) Enter the destination port configuration for the protocol port configuration.
      [edit policies group group1 list list1 rule rule1 traffic-condition condition1 protocol-port-condition]user@host# edit destination-port
    4. (Optional) Configure the destination port.
      [edit policies group group1 list list1 rule rule1 traffic-condition condition1 protocol-port-condition destination-port port]user@host# set from-port from-port

      Where from-port is one of the following values:

      • service_port—A predefined global parameter that is the port of the service as specified by the service object
      • Integer in the range 0–65535
      • Expression—A range of port numbers; for example, 10..20
      • Parameter of type port

      Use a range of ports to specify port numbers that are greater than or less than a specified port number. For example:

      • To set a range of ports that is greater than 10, use 11..65535.
      • To set a range of ports that is less than 200, use 0..199.
    5. (Optional) Enter the source port configuration for the protocol port configuration.
      user@host# up [edit policies group group1 list list1 rule rule1 traffic-condition condition1 protocol-port-condition]user@host# edit source-port
    6. (Optional) Configure the source port.
      [edit policies group group1 list list1 rule rule1 traffic-condition condition1 protocol-port-condition source-port port]user@host# set from-port from-port[edit policies group group1 list list1 rule rule1 traffic-condition condition1 protocol-port-condition source-port port]user@host# up

      Where from-port is one of the following values:

      • service_port—A predefined global parameter that is the port of the service as specified by the service object.
      • Integer in the range 0–65535
      • Expression—A range of port numbers; for example, 10..20.
      • Parameter of type port

      Use a range of ports to specify port numbers that are greater than or less than a specified port number. For example:

      • To set a range of ports that is greater than 10, use 11..65535.
      • To set a range of ports that is less than 200, use 0..199.
    7. (Optional) Verify your protocol condition configuration.
      [edit policies group group1 list list1 rule rule1 traffic-condition condition1 protocol-port-condition]
      user@host# show 
      protocol udp;
      destination-port { 
       port { 
              from-port service_port;
        }
      }
      source-port {
        port {
             from-port service_port;
        }
      }

    Configuring Protocol Conditions with Parameters for PTSP Classify-Traffic Conditions (SRC CLI)

    Use the following configuration statements to configure classify-traffic conditions that contain a parameter value for the protocol:

    policies group name list name rule name traffic-condition name parameter-protocol-condition {protocol protocol; }
    policies group name list name rule name traffic-condition name parameter-protocol-condition proto-attr destination-port port {from-port from-port; }
    policies group name list name rule name traffic-condition name parameter-protocol-condition proto-attr source-port port {from-port from-port; }

    To configure a protocol condition that contains a parameter value for the protocol:

    1. From configuration mode, enter the parameter protocol condition configuration. For example:
      user@host# edit policies group group1 list list1 rule rule1 traffic-condition condition1 parameter-protocol-condition
    2. Assign a parameter as the protocol matched by this classify-traffic condition.

      Before you assign a parameter, you must create a parameter of type protocol and commit the parameter configuration.

      [edit policies group group1 list list1 rule rule1 traffic-condition condition1 parameter-protocol-condition]user@host# set protocol protocol
    3. (Optional) Enter the protocol attribute configuration.
      [edit policies group group1 list list1 rule rule1 traffic-condition condition1 parameter-protocol-condition]user@host# edit proto-attr
    4. (Optional) Enter the destination port configuration.
      [edit policies group group1 list list1 rule rule1 traffic-condition condition1 parameter-protocol-condition proto-attr]user@host# edit destination-port port
    5. (Optional) Configure the TCP or UDP destination port.
      [edit policies group group1 list list1 rule rule1 traffic-condition condition1 parameter-protocol-condition proto-attr destination-port port]user@host# set from-port from-port

      Where from-port is one of the following values:

      • service_port—A predefined global parameter that is the port of the service as specified by the service object.
      • Integer in the range 0–65535.
      • Expression—A range of port numbers; for example, 10..20.
      • Parameter of type port.

      Use a range of ports to specify port numbers that are greater than or less than a specified port number. For example:

      • To set a range of ports that is greater than 10, use 11..65535.
      • To set a range of ports that is less than 200, use 0..199.
    6. (Optional) Enter the source port configuration.
      [edit policies group group1 list list1 rule rule1 traffic-condition condition1 parameter-protocol-condition proto-attr destination-port port]user@host# up [edit policies group group1 list list1 rule rule1 traffic-condition condition1 parameter-protocol-condition proto-attr]user@host# edit source-port port
    7. (Optional) Configure the TCP or UDP source port.
      [edit policies group group1 list list1 rule rule1 traffic-condition condition1 parameter-protocol-condition proto-attr source-port port]user@host# set from-port from-port[edit policies group group1 list list1 rule rule1 traffic-condition condition1 parameter-protocol-condition proto-attr source-port port]user@host# up[edit policies group group1 list list1 rule rule1 traffic-condition condition1 parameter-protocol-condition proto-attr source-port]user@host# up[edit policies group group1 list list1 rule rule1 traffic-condition condition1 parameter-protocol-condition proto-attr ]user@host# up

      Where from-port is one of the following values:

      • service_port—A predefined global parameter that is the port of the service as specified by the service object.
      • Integer in the range 0–65535.
      • Expression—A range of port numbers; for example, 10..20.
      • Parameter of type port.

      Use a range of ports to specify port numbers that are greater than or less than a specified port number. For example:

      • To set a range of ports that is greater than 10, use 11..65535.
      • To set a range of ports that is less than 200, use 0..199.
    8. (Optional) Verify the parameter protocol configuration.
      [edit policies group group1 list list1 rule rule1 traffic-condition condition1 parameter-protocol-condition]
      user@host# show 
      protocol protocol;
       destination-port {
          port {
            from-port service_port;
          }
        }
      }

    Configuring TCP Conditions for PTSP Classify-Traffic Conditions (SRC CLI)

    Use the following configuration statements to add TCP conditions to a PTSP classify-traffic condition:

    policies group name list name rule name traffic-condition name tcp-condition {protocol tcp; }

    Because the protocol is already set to TCP, do not change the protocol or protocol-operation options.

    policies group name list name rule name traffic-condition name tcp-condition destination-port port {from-port from-port; }
    policies group name list name rule name traffic-condition name tcp-condition source-port port {from-port from-port; }

    To add TCP conditions to a PTSP classify-traffic condition:

    1. From configuration mode, enter the TCP configuration. For example:
      user@host# edit policies group group1 list list1 rule rule1 traffic-condition condition1 tcp-condition
    2. (Optional) Enter the protocol for the TCP configuration.
      [edit policies group group1 list list1 rule rule1 traffic-condition condition1 tcp-condition]user@host# set protocol protocol

      For PTSP this is set to TCP.

    3. (Optional) Enter the destination port configuration for the TCP configuration.
      [edit policies group group1 list list1 rule rule1 traffic-condition condition1 tcp-condition]user@host# edit destination-port port
    4. (Optional) Configure the destination port.
      [edit policies group group1 list list1 rule rule1 traffic-condition condition1 tcp-condition destination-port port]user@host# set from-port from-port

      Where from-port is one of the following values:

      • service_port—A predefined global parameter that is the port of the service as specified by the service object.
      • Integer in the range 0–65535.
      • Expression—A range of port numbers; for example, 10..20.
      • Parameter of type port.

      Use a range of ports to specify port numbers that are greater than or less than a specified port number. For example:

      • To set a range of ports that is greater than 10, use 11..65535.
      • To set a range of ports that is less than 200, use 0..199.
    5. (Optional) Enter the source port configuration for the TCP configuration.
      [edit policies group group1 list list1 rule rule1 traffic-condition condition1 tcp-condition source-port port]user@host# up [edit policies group group1 list list1 rule rule1 traffic-condition condition1]user@host# edit source-port port
    6. (Optional) Configure the source port.
      [edit policies group group1 list list1 rule rule1 traffic-condition condition1 tcp-condition source-port port]user@host# set from-port from-port[edit policies group group1 list list1 rule rule1 traffic-condition condition1 tcp-condition source-port port]user@host# up

      Where from-port is one of the following values:

      • service_port—A predefined global parameter that is the port of the service as specified by the service object.
      • Integer in the range 0–65535
      • Expression—A range of port numbers; for example, 10..20.
      • Parameter of type port

      Use a range of ports to specify port numbers that are greater than or less than a specified port number. For example:

      • To set a range of ports that is greater than 10, use 11..65535.
      • To set a range of ports that is less than 200, use 0..199.
    7. (Optional) Verify the TCP condition configuration.
      [edit policies group group1 list list1 rule rule1 traffic-condition condition1 tcp-condition]
      user@host# show 
      protocol tcp;
      protocol-operation is;
      destination-port {
       port {
              from-port service_port;
        }
      }
      source-port { 
        port { 
             from-port service_port;
        }
      }

    Configuring Traffic Match Conditions for PTSP Classify-Traffic Conditions (SRC CLI)

    Use the following configuration statements to configure traffic match conditions for PTSP classify traffic conditions.

    policies group name list name rule name traffic-condition name traffic-match-condition {application [application...]; application-group [application-group...]; nested-application [nested-application...];term-precedence term-precedence;}

    To add traffic match conditions to PTSP classify-traffic conditions:

    1. From configuration mode, enter the traffic condition configuration. For example:
      user@host# edit policies group group1 list list1 rule rule1 traffic-condition condition1 traffic-match-condition
    2. (Optional) Configure the application protocol to match.
      [edit policies group group1 list list1 rule rule1 traffic-condition condition1 traffic-match-condition]user@host# set application [application...]
    3. (Optional) Configure a list of application groups to match for this policy.
      [edit policies group group1 list list1 rule rule1 traffic-condition condition1 traffic-match-condition]user@host# set application-group [application-group...]
    4. (Optional) Configure a list of nested applications to match this policy.
      [edit policies group group1 list list1 rule rule1 traffic-condition condition1 traffic-match-condition]user@host# set nested-application [nested-application...]

      Separate items in the list with commas.

    5. (Optional) Configure the term-precedence for this term in a given policy in relation to other terms. Lower precedence terms are searched first. Precedence matters only within the same class of policies, either dynamic or static. Terms with the same precedence may be evaluated in any order.
      [edit policies group group1 list list1 rule rule1 traffic-condition condition1 traffic-match-condition]user@host# set term-precedence term-precedence

      Enter an integer in the range 1–254.

    6. (Optional) Verify the filter condition configuration.
      [edit policies group group1 list list1 rule rule1 traffic-condition condition1 traffic-match-condition]
      user@host# show 
      term—precedence 100;
      application—group group1;
      }

    Modified: 2016-04-27