Packet Matching Criteria - Alcatel-Lucent 7210 SAS Configuration Manual

Hide thumbs Also See for 7210 SAS:

Service manual (952 pages)

Configuration manual (558 pages)

Quality of service manual (404 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

page of 138

/ 138
Contents
Table of Contents
Bookmarks

Table of Contents

Creating and Applying Policies

Packet Matching Criteria

As few or as many match parameters can be specified as required, but all conditions must be met in

order for the packet to be considered a match and the specified action performed. The process stops

when the first complete match is found and then executes the action defined in the entry, either to

drop or forward packets that match the criteria.

IP filter policies match criteria that associate traffic with an ingress or egress SAP. Matching

criteria to drop or forward IP traffic include:

•

Page 64

Source IP address and mask

Source IP address and mask values can be entered as search criteria. The IP Version 4

addressing scheme consists of 32 bits expressed in dotted decimal notation (X.X.X.X).

Address ranges are configured by specifying mask values, the 32-bit combination used to

describe the address portion which refers to the subnet and which portion refers to the host.

The mask length is expressed as an integer (range 1 to 32).

Destination IP address and mask — Destination IP address and mask values can be entered

as search criteria.

Protocol — Entering a protocol ID (such as TCP, UDP, etc.) allows the filter to search for

the protocol specified in this field.

Source port — Entering the source port number allows the filter to search for matching

TCP or UDP port values.

Destination port — Entering the destination port number allows the filter to search for

matching TCP or UDP .

DSCP marking — Entering a DSCP marking enables the filter to search for the DSCP

marking specified in this field. See

page

66.

ICMP code — Entering an ICMP code allows the filter to search for matching ICMP code

in the ICMP header.

ICMP type — Entering an ICMP type allows the filter to search for matching ICMP types

in the ICMP header.

Fragmentation — IPv4 only: Enable fragmentation matching. A match occurs if packets

have either the MF (more fragment) bit set or have the Fragment Offset field of the IP

header set to a non-zero value.

Option present — Enabling the option presence allows the filter to search for presence or

absence of IP options in the packet. Padding and EOOL are also considered as IP options.

TCP-ACK/SYN flags — Entering a TCP-SYN/TCP-ACK flag allows the filter to search

for the TCP flags specified in these fields.

Table 3, DSCP Name to DSCP Value Table, on

7210 SAS D, E OS Router Configuration Guide

Table of Contents

Packet Matching Criteria - Alcatel-Lucent 7210 SAS Configuration Manual

Packet Matching Criteria

Related Manuals for Alcatel-Lucent 7210 SAS

Related Content for Alcatel-Lucent 7210 SAS

Table of Contents