Configuring Protocol Conditions with Ports (SRC CLI)
Use the following configuration statements to add general protocol conditions with ports to a classify-traffic condition:
To add general protocol conditions with ports to a classify-traffic condition:
From configuration mode, enter the protocol port condition configuration. For example:
user@host# edit policies group junos list bodVpn rule pr traffic-condition ctc protocol-port-conditionConfigure the protocol matched by this classify-traffic condition.
[edit policies group junos list bodVpn rule pr traffic-condition ctc protocol-port-condition]user@host# set protocol protocolConfigure the policy to match packets with the protocol that is either equal or not equal to the specified protocol.
[edit policies group junos list bodVpn rule pr traffic-condition ctc protocol-port-condition]user@host# set protocol-operation protocol-operation(Optional) Configure the value of the IP flags field in the IP header.
[edit policies group junos list bodVpn rule pr traffic-condition ctc protocol-port-condition]user@host# set ip-flags ip-flags(Optional) Configure the mask that is associated with the IP flag.
[edit policies group junos list bodVpn rule pr traffic-condition ctc protocol-port-condition]user@host# set ip-flags-mask ip-flags-mask(Optional) Configure the value of the fragment offset field.
[edit policies group junos list bodVpn rule pr traffic-condition ctc protocol-port-condition]user@host# set fragment-offset fragment-offset(Optional) Configure the packet length on which to match. The length refers only to the IP packet, including the packet header, and does not include any layer 2 encapsulation overhead.
[edit policies group junos list bodVpn rule pr traffic-condition ctc protocol-port-conditionuser@host# set packet-length packet-length(Optional) Enter the destination port configuration for the protocol port configuration.
[edit policies group junos list bodVpn rule pr traffic-condition ctc protocol-port-condition]user@host# edit destination-port(Optional) Configure the policy to match packets with a port that is either equal or not equal to the specified port.
[edit policies group junos list bodVpn rule pr traffic-condition ctc protocol-port-condition destination-port port]user@host# set port-operation port-operation(Optional) Configure the destination port.
[edit policies group junos list bodVpn rule pr traffic-condition ctc protocol-port-condition destination-port port]user@host# set from-port from-port(Optional) Enter the source port configuration for the protocol port configuration.
user@host# up[edit policies group junos list bodVpn rule pr traffic-condition ctc protocol-port-condition]user@host# edit source-port(Optional) Configure the policy to match packets with a port that is either equal or not equal to the specified port.
[edit policies group junos list bodVpn rule pr traffic-condition ctc protocol-port-condition source-port port]user@host# set port-operation port-operation(Optional) Configure the source port.
[edit policies group junos list bodVpn rule pr traffic-condition ctc protocol-port-condition source-port port]user@host# set from-port from-port[edit policies group junos list bodVpn rule pr traffic-condition ctc protocol-port-condition source-port port]user@host# up(Optional) Verify your protocol condition configuration.
[edit policies group junos list bodVpn rule pr traffic-condition ctc protocol-port-condition] user@host# show protocol 17; protocol-operation 1; ip-flags ipFlags; ip-flags-mask ipFlagsMask; fragment-offset ipFragOffset; packet-length packetLength; destination-port { port { port-operation eq; from-port service_port; } } source-port { port { port-operation eq; from-port service_port; } }