    Configuring TCP Conditions (SRC CLI)

    Use the following configuration statements to add TCP conditions to a classify-traffic condition:

    policies group name list name rule name traffic-condition name tcp-condition {
      tcp-flags tcp-flags;
      tcp-flags-mask tcp-flags-mask;
      protocol protocol;
      protocol-operation protocol-operation;
      ip-flags ip-flags;
      ip-flags-mask ip-flags-mask;
      fragment-offset fragment-offset;
      packet-length packet-length;
    }

    Because the protocol is already set to TCP, do not change the protocol or protocol-operation options.

    policies group name list name rule name traffic-condition name tcp-condition destination-port port {
      port-operation port-operation;
      from-port from-port;
    }
    policies group name list name rule name traffic-condition name tcp-condition source-port port {
      port-operation port-operation;
      from-port from-port;
    }

    To add TCP conditions to a classify-traffic condition:

    1. From configuration mode, enter the TCP configuration. For example:
      user@host# edit policies group junos list tcpCondition rule pr traffic-condition ctc tcp-condition
    2. (Optional) Configure the value of the TCP flags field in the IP header.
      [edit policies group junos list tcpCondition rule pr traffic-condition ctc tcp-condition]
      user@host# set tcp-flags tcp-flags
    3. (Optional) Configure the mask associated with TCP flags.
      [edit policies group junos list tcpCondition rule pr traffic-condition ctc tcp-condition]
      user@host# set tcp-flags-mask tcp-flags-mask
    4. (Optional) Configure the value of the IP flags field in the IP header.
      [edit policies group junos list tcpCondition rule pr traffic-condition ctc tcp-condition]
      user@host# set ip-flags ip-flags
    5. (Optional) Configure the mask that is associated with the IP flag.
      [edit policies group junos list tcpCondition rule pr traffic-condition ctc tcp-condition]
      user@host# set ip-flags-mask ip-flags-mask
    6. (Optional) Configure the value of the fragment offset field.
      [edit policies group junos list tcpCondition rule pr traffic-condition ctc tcp-condition]
      user@host# set fragment-offset fragment-offset
    7. (Optional) For Junos OS filter policies, configure the packet length on which to match. The length refers only to the IP packet, including the packet header, and does not include any layer 2 encapsulation overhead.
      [edit policies group junos list tcpCondition rule pr traffic-condition ctc tcp-condition]
      user@host# set packet-length packet-length
    8. (Optional) Enter the destination port configuration for the TCP configuration.
      [edit policies group junos list tcpCondition rule pr traffic-condition ctc tcp-condition]
      user@host# edit destination-port port
    9. (Optional) Configure the policy to match packets with a port that is either equal or not equal to the specified port.
      [edit policies group junos list tcpCondition rule pr traffic-condition ctc tcp-condition destination-port port]
      user@host# set port-operation port-operation
    10. (Optional) Configure the destination port.
      [edit policies group junos list tcpCondition rule pr traffic-condition ctc tcp-condition destination-port port]
      user@host# set from-port from-port
    11. (Optional) Enter the source port configuration for the TCP configuration.
      [edit policies group junos list tcpCondition rule pr traffic-condition ctc tcp-condition destination-port port]
      user@host# up
      [edit policies group junos list tcpCondition rule pr traffic-condition ctc tcp-condition]
      user@host# edit source-port port
    12. (Optional) Configure the policy to match packets with a port that is either equal or not equal to the specified port.
      [edit policies group junos list tcpCondition rule pr traffic-condition ctc tcp-condition source-port port]
      user@host# set port-operation port-operation
    13. (Optional) Configure the source port.
      [edit policies group junos list tcpCondition rule pr traffic-condition ctc tcp-condition source-port port]
      user@host# set from-port from-port
      [edit policies group junos list tcpCondition rule pr traffic-condition ctc tcp-condition source-port port]
      user@host# up
    14. (Optional) Verify the TCP condition configuration.
      [edit policies group junos list tcpCondition rule pr traffic-condition ctc tcp-condition]
      user@host# show 
      tcp-flags 0;
      tcp-flags-mask 0;
      protocol tcp;
      protocol-operation is;
      ip-flags 0;
      ip-flags-mask 0;
      destination-port {
        port {
          port-operation eq;
          from-port service_port;
        }
      }
      source-port { 
        port { 
          port-operation eq;
          from-port service_port;
        }
      }
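
A local dry-run of the tcp-condition options configured above, added here as an example and not part of the SRC documentation or software. It assumes the conventional value/mask comparison (only bits set in tcp-flags-mask are compared against tcp-flags); the class, its field names, the `dst_equal`/`src_equal` booleans standing in for port-operation, and the sample packets are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# TCP flag bits as laid out in the TCP header.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

@dataclass
class TcpCondition:
    """Hypothetical local model of the options above; not an SRC API."""
    tcp_flags: int = 0
    tcp_flags_mask: int = 0
    dst_port: Optional[int] = None   # from-port under destination-port
    dst_equal: bool = True           # True models port-operation eq
    src_port: Optional[int] = None   # from-port under source-port
    src_equal: bool = True

    def matches(self, flags: int, src: int, dst: int) -> bool:
        # Assumed value/mask semantics: only bits set in the mask are compared.
        if (flags & self.tcp_flags_mask) != (self.tcp_flags & self.tcp_flags_mask):
            return False
        for want, equal, got in ((self.dst_port, self.dst_equal, dst),
                                 (self.src_port, self.src_equal, src)):
            if want is not None and (got == want) != equal:
                return False
        return True

def audit(cond, packets):
    """Return the labels of the sample packets that the condition matches."""
    return [label for label, flags, src, dst in packets
            if cond.matches(flags, src, dst)]

# Constructed sample packets: (label, TCP flags, source port, destination port).
PACKETS = [
    ("syn-to-22", SYN, 40000, 22),
    ("synack-from-22", SYN | ACK, 22, 40000),
    ("ack-to-22", ACK, 40000, 22),
    ("syn-to-443", SYN, 40001, 443),
    ("xmas-to-22", FIN | PSH | URG, 40002, 22),
]

# New inbound connections to port 22: SYN set and ACK clear.
NEW_SSH = TcpCondition(tcp_flags=SYN, tcp_flags_mask=SYN | ACK, dst_port=22)
# Mask 0, as in the show output above: no flag bit is compared, only the port.
ANY_FLAGS = TcpCondition(tcp_flags=0, tcp_flags_mask=0, dst_port=22)

if __name__ == "__main__":
    print(audit(NEW_SSH, PACKETS))
    print(audit(ANY_FLAGS, PACKETS))
```

Under these assumptions a mask of 0 lets every flag combination through, so a condition meant to single out connection attempts needs both the value and the mask set.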

    Published: 2014-12-10