Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Configuring Protocol Conditions with Ports (SRC CLI)

    Use the following configuration statements to add general protocol conditions with ports to a classify-traffic condition:

    policies group name list name rule name traffic-condition name protocol-port-condition {protocol protocol ; protocol-operation protocol-operation ; ip-flags ip-flags ;ip-flags-mask ip-flags-mask ; fragment-offset fragment-offset; packet-length packet-length ; }
    policies group name list name rule name traffic-condition name protocol-port-condition destination-port port {port-operation port-operation ; from-port from-port ; }
    policies group name list name rule name traffic-condition name protocol-port-condition source-port port {port-operation port-operation ; from-port from-port ; }

    To add general protocol conditions with ports to a classify-traffic condition:

    1. From configuration mode, enter the protocol port condition configuration. For example:
      user@host# edit policies group junos list bodVpn rule pr traffic-condition ctc protocol-port-condition
    2. Configure the protocol matched by this classify-traffic condition.
      [edit policies group junos list bodVpn rule pr traffic-condition ctc protocol-port-condition]user@host# set protocol protocol
    3. Configure the policy to match packets with the protocol that is either equal or not equal to the specified protocol.
      [edit policies group junos list bodVpn rule pr traffic-condition ctc protocol-port-condition]user@host# set protocol-operation protocol-operation
    4. (Optional) Configure the value of the IP flags field in the IP header.
      [edit policies group junos list bodVpn rule pr traffic-condition ctc protocol-port-condition]user@host# set ip-flags ip-flags
    5. (Optional) Configure the mask that is associated with the IP flag.
      [edit policies group junos list bodVpn rule pr traffic-condition ctc protocol-port-condition]user@host# set ip-flags-mask ip-flags-mask
    6. (Optional) Configure the value of the fragment offset field.
      [edit policies group junos list bodVpn rule pr traffic-condition ctc protocol-port-condition]user@host# set fragment-offset fragment-offset
    7. (Optional) Configure the packet length on which to match. The length refers only to the IP packet, including the packet header, and does not include any layer 2 encapsulation overhead.
      [edit policies group junos list bodVpn rule pr traffic-condition ctc protocol-port-conditionuser@host# set packet-length packet-length
    8. (Optional) Enter the destination port configuration for the protocol port configuration.
      [edit policies group junos list bodVpn rule pr traffic-condition ctc protocol-port-condition]user@host# edit destination-port
    9. (Optional) Configure the policy to match packets with a port that is either equal or not equal to the specified port.
      [edit policies group junos list bodVpn rule pr traffic-condition ctc protocol-port-condition destination-port port]user@host# set port-operation port-operation
    10. (Optional) Configure the destination port.
      [edit policies group junos list bodVpn rule pr traffic-condition ctc protocol-port-condition destination-port port]user@host# set from-port from-port
    11. (Optional) Enter the source port configuration for the protocol port configuration.
      user@host# up [edit policies group junos list bodVpn rule pr traffic-condition ctc protocol-port-condition]user@host# edit source-port
    12. (Optional) Configure the policy to match packets with a port that is either equal or not equal to the specified port.
      [edit policies group junos list bodVpn rule pr traffic-condition ctc protocol-port-condition source-port port]user@host# set port-operation port-operation
    13. (Optional) Configure the source port.
      [edit policies group junos list bodVpn rule pr traffic-condition ctc protocol-port-condition source-port port]user@host# set from-port from-port [edit policies group junos list bodVpn rule pr traffic-condition ctc protocol-port-condition source-port port]user@host# up
    14. (Optional) Verify your protocol condition configuration.
      [edit policies group junos list bodVpn rule pr traffic-condition ctc protocol-port-condition]
      user@host# show 
      protocol 17;
      protocol-operation 1;
      ip-flags ipFlags;
      ip-flags-mask ipFlagsMask;
      fragment-offset ipFragOffset;
      packet-length packetLength;
      destination-port { 
        port { 
          port-operation eq;
          from-port service_port;
        }
      }
      source-port {
        port {
          port-operation eq;
          from-port service_port;
        }
      }

    Published: 2014-12-10