Set Policy Rule - Enterasys Matrix DFE-Gold Series Configuration Manual

set policy rule

Examples
This example shows how to use Table
policy 2, classification 65, to drop packets from a source IP address of 172.16.1.2:
Matrix(rw)->set policy classify 2 65 vlan drop ipsource 172.16.1.2
set policy rule
Use this command to assign incoming untagged frames to a specific policy profile and to VLAN or
Class‐of‐Service classification rules.
Syntax
set policy rule admin-profile | profile-index {ether |ipfrag | ipproto | ipdest |
ipsource | iptos | llcDsapSsap | macdest | macsource | | port | tcpdestport |
tcpsourceport | udpdestport | udpsourceport} data [mask mask] [port-string port-
string] [storage-type {non-volatile | volatile}] [vlan vlan] | [drop | forward]
[admin-pid admin-pid] [cos cos]
Parameters
admin‐profile |
profile‐index
ether
ipdest
ipfrag
ipproto
ipsource
iptos
llcDsapSsap
macdest
macsource
port
tcpdestport
tcpsourceport
udpdestport
udpsourceport
data
mask mask
8‐3 to create (and enable) a VLAN classification rule to
Specifies that this is an administrative rule or associates this
classification rule with a policy profile index configured with the set
policy profile command ("set policy profile" on page 8‐3). Valid profile‐
index values are 1‐ 1023.
Note: Admin profiles can be assigned to a specific ingress port by specifying
port-string and admin-pid values as described below.
Classifies based on type field in Ethernet II packet.
Classifies based on destination IP address.
Classifies based on IP fragmentation value.
Classifies based on protocol field in IP packet.
Classifies based on source IP address.
Classifies based on Type of Service field in IP packet.
Classifies based on DSAP/SSAP pair in 802.3 type packet.
Classifies based on MAC destination address.
Classifies based on MAC source address.
Classifies based on port‐string.
Classifies based on TCP destination port with.
Classifies based on TCP source port .
Classifies based on UDP destination port .
Classifies based on UDP source port .
(Not required for ipfrag classification.) Specifies the code for a
predefined classifier. This value is dependent on the classification type
entered. Refer to Table 8‐3 for valid values for each classification type.
(Optional) Specifies the number of significant bits to match, dependent
on the data value entered. Refer to Table
classification type and data value.
Enterasys Matrix DFE-Gold Series Configuration Guide 8-13
Assigning Classification Rules to Policy Profiles
8‐3 for valid values for each