Secure Ip Classifier-List - Juniper JUNOSE SOFTWARE FOR E SERIES 11.3.X - COMMAND REFERENCE N TO Z 2010-10-19 Command Reference Manual

secure ip classifier-list

Syntax
Release Information
Description
Options
Copyright © 2010, Juniper Networks, Inc.
secure ip classifier-list classifierName { { classifier-auth-id { 0 } } | { [ traffic-class
trafficClassName ]
[ color { green | yellow | red } ] [ user-packet-class userPacketClassValue ]
[ source-route-class routeClassValue ] [ destination-route-class routeClassValue ]
[ local { true | false } ] [ not ] { protocol }
[ not ] { sourceAddress sourceMask | host sourceHostAddress | any }
[ sourceQualifier ]
[ not ] { destinationAddress destinationMask | host destinationHostAddress | any }
[ destinationQualifier ] [ tcpQualifier ] [ ip-flags ipFlags ]
[ ip-frag-offset { eq 0 | eq 1 | gt 1 } ]
[ precedence precNum | dsField dsFieldNum | tos tosNum ] } }
no secure ip classifier-list classifierName [ classifierNumber ] [ classifier-auth-id { 0 } ]
Command introduced in JunosE Release 8.0.0.
Creates or modifies a secure classifier control list. Use the not keyword to deny traffic
for a specific protocol, source address, or destination address. Use the any keyword to
allow traffic to any source or destination address. The no version removes the classifier
control list.
classifierName—Name of the classifier control list entry
classifierAuthId—Number of the authentication ID to match (0)
trafficClassName—Name of the traffic class to match
green—Matches packet color to green, indicating a low drop preference
yellow—Matches packet color to yellow, indicating a medium drop preference
red—Matches packet color to red, indicating a high drop preference
userPacketClassValue—User packet value to match; in the range 0–15
routeClassValue—Value of the route-class; in the range 0–255
local—Specifies traffic destined for this interface
true—Matches packets that are locally destined
false—Matches packets that are not locally destined
not—Matches any except the immediately following protocol or address
protocol—Protocol name (IGMP, IP, TCP, or UDP) or number (in the range 0–255) to
match
sourceAddress—Source address to match
sourceMask—Wild-card mask to apply to the source address
host—Matches source or destination address as a host
Chapter 7: S Commands
435