Match Condition Selection Panel - Extreme Networks Policy Manager User Manual

Supervisor edition

Hide thumbs

Table Of Contents

Table of Contents

Match Condition Selection Panel

This panel allows you to select from a list of match conditions. A choice of several match conditions is available:

ethernet-type:

Ethernet packet type. In place of the numeric value, you can specify one of the following text

synonyms (the field values are also listed): ETHER-P-IP (0x0800), ETHER-P-8021Q (0x8100),

ETHER-P-IPV6 (0x86DD).

ethernet-source-address

Ethernet source MAC address.

ethernet-destination-address Ethernet destination MAC address and mask. The mask is optional, and is in the same format as

the MAC address. Only those bits of the MAC address whose corresponding bit in the mask is

set to 1 will be used as match criteria. So, the example above will match 00:01:02:03:xx:xx. If

the mask is not supplied then it will be assumed to be ff:ff:ff:ff:ff:ff. In other words, all bits of

the MAC address will be used for matching.

source-address:

IP source address and mask. Egress ACLs do not support IPv6 addresses, only IPv4 addresses.

Use either all IPv4 or all IPv6 addresses in an ACL.

destination-address:

IP destination address and mask. Egress ACLs do not support IPv6 addresses, only IPv4

addresses. Use either all IPv4 or all IPv6 addresses in an ACL.

protocol:

IP protocol field. In place of the numeric value, you can specify one of the following text

synonyms (the field values are also listed): egp(8), esp(5), gre(47), icmp(1), igmp(2), ipip(4),

ipv6(41), ospf(89), pim(102), rsvp(46), tcp(6), or udp(17).

fragments:

BlackDiamond 10K and BlackDiamond 12804 only. Specifies IP fragmented packet. FO > 0

(FO = Fragment Offset in IP header).

first-fragments:

Non-IP fragmented packet or first fragmented packet. FO==0.

source-port:

TCP or UDP source port. In place of the numeric value, you can specify one of the text

synonyms. Normally, you specify this match in conjunction with the protocol match to

determine which protocol is being used on the port. In place of the numeric value, you can

specify one of the following text synonyms (the field values are also listed): afs(1483),

bgp(179), biff(512), bootpc(68), bootps(67), cmd(514), cvspserver(2401), DHCP(67),

domain(53), eklogin(2105), ekshell(2106), exec(512), finger(79), ftp(21), ftp-data(20), http(80),

https(443), ident(113), imap(143), kerberos-sec(88), klogin(543), kpasswd(761), krb-prop(754),

krbupdate(760), kshell(544), idap(389), login(513), mobileip-agent(434), mobileip-mn(435),

msdp(639), netbios-dgm(138), netbiosns( 137), netbios-ssn(139), nfsd(2049), nntp(119),

ntalk(518), ntp(123), pop3(110), pptp(1723), printer(515), radacct(1813), radius(1812), rip(520),

rkinit(2108), smtp(25), snmp(161), snmptrap(162), snpp(444), socks(1080), ssh(22),

sunrpc(111), syslog(514), tacacs-ds(65), talk(517), telnet(23), tftp(69), timed(525), who(513),

xdmcp(177), zephyr-clt(2103), or zephyr-hm(2104).

destination-port:

TCP or UDP destination port. Normally, you specify this match in conjunction with the protocol

match to determine which protocol is being used on the port. In place of the numeric value, you

can specify one of the following text synonyms (the field values are also listed): afs(1483),