    Configuring Protocol Conditions with Parameters (SRC CLI)

    Use the following configuration statements to configure classify-traffic conditions that contain a parameter value for the protocol:

    policies group name list name rule name traffic-condition name parameter-protocol-condition {
      protocol protocol;
      protocol-operation protocol-operation;
      tcp-flags tcp-flags;
      tcp-flags-mask tcp-flags-mask;
      spi spi;
      ip-flags ip-flags;
      ip-flags-mask ip-flags-mask;
      fragment-offset fragment-offset;
      packet-length packet-length;
    }
    policies group name list name rule name traffic-condition name parameter-protocol-condition proto-attr {
      icmp-type icmp-type;
      icmp-code icmp-code;
      igmp-type igmp-type;
    }
    policies group name list name rule name traffic-condition name parameter-protocol-condition proto-attr destination-port port {
      port-operation port-operation;
      from-port from-port;
    }
    policies group name list name rule name traffic-condition name parameter-protocol-condition proto-attr source-port port {
      port-operation port-operation;
      from-port from-port;
    }

    To configure a protocol condition that contains a parameter value for the protocol:

    1. From configuration mode, enter the parameter protocol condition configuration. For example:
      user@host# edit policies group junose list dhcp rule forward-dhcp traffic-condition ctc parameter-protocol-condition
    2. Assign a parameter as the protocol matched by this classify-traffic condition.

      Before you assign a parameter, you must create a parameter of type protocol and commit the parameter configuration.

      [edit policies group junose list dhcp rule forward-dhcp traffic-condition ctc parameter-protocol-condition]
      user@host# set protocol protocol
    3. (Optional) Configure the policy to match packets with the protocol that is either equal or not equal to the specified protocol.
      [edit policies group junose list dhcp rule forward-dhcp traffic-condition ctc parameter-protocol-condition]
      user@host# set protocol-operation protocol-operation
    4. (Optional) Configure the value of the TCP flags field in the IP header.
      [edit policies group junose list dhcp rule forward-dhcp traffic-condition ctc parameter-protocol-condition]
      user@host# set tcp-flags tcp-flags
    5. (Optional) Configure the mask associated with TCP flags.
      [edit policies group junose list dhcp rule forward-dhcp traffic-condition ctc parameter-protocol-condition]
      user@host# set tcp-flags-mask tcp-flags-mask
    6. (Optional) Specify the authentication header (AH) or the encapsulating security payload (ESP) security parameter index (SPI).
      [edit policies group junose list dhcp rule forward-dhcp traffic-condition ctc parameter-protocol-condition]
      user@host# set spi spi
    7. (Optional) Configure the value of the IP flags field in the IP header.
      [edit policies group junose list dhcp rule forward-dhcp traffic-condition ctc parameter-protocol-condition]
      user@host# set ip-flags ip-flags
    8. (Optional) Configure the mask that is associated with the IP flag.
      [edit policies group junose list dhcp rule forward-dhcp traffic-condition ctc parameter-protocol-condition]
      user@host# set ip-flags-mask ip-flags-mask
    9. (Optional) Configure the value of the fragment offset field.
      [edit policies group junose list dhcp rule forward-dhcp traffic-condition ctc parameter-protocol-condition]
      user@host# set fragment-offset fragment-offset
    10. (Optional) Configure the packet length on which to match. The length refers only to the IP packet, including the packet header, and does not include any layer 2 encapsulation overhead.
      [edit policies group junose list dhcp rule forward-dhcp traffic-condition ctc parameter-protocol-condition]
      user@host# set packet-length packet-length
    11. (Optional) Enter the protocol attribute configuration.
      [edit policies group junose list dhcp rule forward-dhcp traffic-condition ctc parameter-protocol-condition]
      user@host# edit proto-attr
    12. (Optional) Configure the ICMP packet type.
      [edit policies group junose list dhcp rule forward-dhcp traffic-condition ctc parameter-protocol-condition proto-attr]
      user@host# set icmp-type icmp-type
    13. (Optional) Configure the ICMP code.
      [edit policies group junose list dhcp rule forward-dhcp traffic-condition ctc parameter-protocol-condition proto-attr]
      user@host# set icmp-code icmp-code
    14. (Optional) Configure the IGMP packet type on which to match.
      [edit policies group junose list dhcp rule forward-dhcp traffic-condition ctc parameter-protocol-condition proto-attr]
      user@host# set igmp-type igmp-type
    15. (Optional) Enter the destination port configuration.
      [edit policies group junose list dhcp rule forward-dhcp traffic-condition ctc parameter-protocol-condition proto-attr]
      user@host# edit destination-port port
    16. (Optional) Configure the policy to match packets with a port that is either equal or not equal to the specified port.
      [edit policies group junose list dhcp rule forward-dhcp traffic-condition ctc parameter-protocol-condition proto-attr destination-port port]
      user@host# set port-operation port-operation
    17. (Optional) Configure the TCP or UDP destination port.
      [edit policies group junose list dhcp rule forward-dhcp traffic-condition ctc parameter-protocol-condition proto-attr destination-port port]
      user@host# set from-port from-port
    18. (Optional) Enter the source port configuration.
      [edit policies group junose list dhcp rule forward-dhcp traffic-condition ctc parameter-protocol-condition proto-attr destination-port port]
      user@host# up
      [edit policies group junose list dhcp rule forward-dhcp traffic-condition ctc param-proto-condition proto-attr]
      user@host# edit source-port port
    19. (Optional) Configure the policy to match packets with a port that is either equal or not equal to the specified port.
      [edit policies group junose list dhcp rule forward-dhcp traffic-condition ctc parameter-protocol-condition proto-attr source-port port]
      user@host# set port-operation port-operation
    20. (Optional) Configure the TCP or UDP source port.
      [edit policies group junose list dhcp rule forward-dhcp traffic-condition ctc parameter-protocol-condition proto-attr source-port port]
      user@host# set from-port from-port
      [edit policies group junose list dhcp rule forward-dhcp traffic-condition ctc parameter-protocol-condition proto-attr source-port port]
      user@host# up
      [edit policies group junose list dhcp rule forward-dhcp traffic-condition ctc parameter-protocol-condition proto-attr source-port]
      user@host# up
      [edit policies group junose list dhcp rule forward-dhcp traffic-condition ctc parameter-protocol-condition proto-attr]
      user@host# up
      [edit policies group junose list dhcp rule forward-dhcp traffic-condition ctc parameter-protocol-condition]
      user@host# up
    21. (Optional) Verify the parameter protocol configuration.
      [edit policies group junose list dhcp rule forward-dhcp traffic-condition ctc parameter-protocol-condition]
      user@host# show 
      protocol protocol;
      protocol-operation is;
      tcp-flags 0;
      tcp-flags-mask 0;
      ip-flags 0;
      ip-flags-mask 0;
      proto-attr {
        icmp-type 255;
        icmp-code 255;
        destination-port {
          port {
            port-operation eq;
            from-port outsidePort;
          }
        }
      }
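
An added example, not part of the original page or of Juniper's tooling: a small Python audit of the step 21 `show` output. It lists the leaves that name a parameter (which, per step 2, must already be created and committed) and the mask fields set to 0; the function names are hypothetical, and reading a 0 mask as "no flag bits compared" is an assumption about mask semantics that this page does not state.

```python
# Constructed input: the `show` output from step 21 of this page.
SHOW_OUTPUT = """
protocol protocol;
protocol-operation is;
tcp-flags 0;
tcp-flags-mask 0;
ip-flags 0;
ip-flags-mask 0;
proto-attr {
  icmp-type 255;
  icmp-code 255;
  destination-port {
    port {
      port-operation eq;
      from-port outsidePort;
    }
  }
}
"""
OPERATOR_LEAVES = {"protocol-operation", "port-operation"}  # keywords, not names

def parse_show(text):
    """Parse brace-delimited `show` output into a nested dict."""
    stack = [{}]
    for line in map(str.strip, text.splitlines()):
        if line.endswith("{"):
            stack.append(stack[-1].setdefault(line[:-1].strip(), {}))
        elif line == "}":
            stack.pop()
        elif line:
            key, _, value = line.rstrip(";").partition(" ")
            stack[-1][key] = value.strip()
    return stack[0]

def flatten(tree, prefix=""):
    """Yield (path, value) for every leaf statement."""
    for key, value in tree.items():
        path = f"{prefix} {key}".strip()
        if isinstance(value, dict):
            yield from flatten(value, path)
        else:
            yield path, value

def parameter_refs(tree):
    """Leaves whose value is a name, so a committed parameter must exist."""
    return [(p, v) for p, v in flatten(tree)
            if not v.isdigit() and p.split()[-1] not in OPERATOR_LEAVES]

def zero_masks(tree):
    """Top-level *-mask leaves set to 0 (assumption: no bits compared)."""
    return [k for k, v in tree.items() if k.endswith("-mask") and v == "0"]
```

Calling `parameter_refs(parse_show(SHOW_OUTPUT))` gives the list of parameter names a reviewer should confirm exist before the policy is committed.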

    Modified: 2016-12-29