Valid Values For Policy Classification Rules - Enterasys C3G124-24 Configuration Manual

set policy rule
Usage
An admin rule can be used to map incoming tagged frames to a policy role (profile). There can be
only one admin rule configured globally per system (stack), although other admin rules can be
applied to specific ports. Typically, this rule is used to implement the "User + IP phone" legacy
feature. Refer to
information. You would configure a policy profile/role for IP phones (for example, assigning a
high priority and TOS/DSCP), then associate that policy profile with the admin rule, and associate
the admin rule with the desired ports. Users authenticating over the same port will typically use a
dynamically assigned policy role.
A policy classification rule has two main parts: Traffic Description and Actions. The Traffic
Description identifies the type of traffic to which the rule will pertain. Actions specify whether
that traffic will be assigned class of service, assigned to a VLAN, or both.
Table 15-3
and the mask bits that can be entered for each classifier associated with that parameter.
Table 15-3 Valid Values for Policy Classification Rules
Classification Rule Parameter
ether
ipproto
Destination or Source IP Address:
ipdestsocket
ipsourcesocket
iptos
Destination or Source MAC:
macdest
macsource
Destination or Source TCP port:
tcpdestport
tcpsourceport
Destination or Source UDP port:
udpsourceport
udpdestport
vlantag
Examples
This example shows how to use
Ethernet II Type 1526 frames to VLAN 7:
C3(su)->set policy rule 3 ether 1526 vlan 7
This example shows how to use
UDP packets from source port 45:
15-12 Policy Classification Configuration
"Configuring User + IP Phone
provides the set policy rule data values that can be entered for a particular parameter,
Table 15-3
Table 15-3
Authentication" on page 32-52 for more
data value
Type field in Ethernet II packet:
1536 - 65535 or 0x600 - 0xFFFF
Protocol field in IP packet:
0 - 255 or 0 - 0xFF
IP Address in dotted decimal
format: 000.000.000.000 and
(Optional) post-fixed port: 0 -
65535
Type of Service field in IP packet:
0 - 252 or 0 - 0xFC
MAC Address: 00-00-00-00-00-
00
TCP Port Number:
0 - 65535 or 0 - 0xFFFF
UDP Port Number:
0 - 65535 or 0 - 0xFFFF
VLAN tag: 1- 4094
to assign a rule to policy profile 3 that will filter
to assign a rule to policy profile 5 that will forward
mask bits
Not applicable.
Not applicable.
1 - 48
Note: If no mask is specified, a
default mask of 32 is applied to
IP addresses and a default
mask of 48 is applied to IP
addresses plus port.
Not applicable.
1 - 48
1 - 16
1 - 16
Not applicable.