Enterasys SecureStack B3

To Next Page

To Previous Page

set policy rule

10-10 Policy Classification Configuration

Syntax

Thiscommandhastwoformsofsyntax—onetocreateanadminrule(forpolicyID0),andthe

othertocreateaclassificationruleandattach ittoapolicyprofile.

set policy rule admin-profile {vlantag data [mask mask] admin-pid profile-index}

[port-string port-string]

set policy rule profile-index {ether |ipproto | ipdestsocket | ipsourcesocket |

udpsourceport} data [mask mask] [vlan vlan] [cos cos] | [drop | forward]

Parameters

Thefollowingparametersapplytocreatinganadminrule.

Thefollowingparametersapplytocreatingaclassificationrule.

Note: C3, B3, and G3 devices support the following numbers of unique rules per system.

• 128 L2 DA/SA MAC rules

• 128 L2 Ethertype rules

• 511 L3/L4 rules

These rules can be shared on different ports with different users, but are not shared between

profiles.

Note: Classification rules are automatically enabled when created.

admin‐profile SpecifiesthatthisisanadminruleforpolicyID0.

vlantagdata Classifiesbased onVLANtagspecifiedbydata.Valueofdatacanrange

from1to4094or0xFFF.

maskmask (Optional)Specifiesthenumberofsignificantbitstomatch,dependent

onthedatavalueentered.Valueof

maskcanrangefrom1to12.

RefertoTable 10‐3forvalidvaluesforeachclassificationtypeanddata

value.

admin‐pid

profile‐index

Associatesthisadminrulewithapolicyprofile,identifiedbyitsindex

number.Policyprofilesareconfiguredwiththesetpolicyprofile

commandasdescribed

in“setpolicyprofile”onpage 10‐3.

Validprofile‐indexvaluesare1‐255.

port‐stringport‐string (Optional)Assignsthisruletothespecifiedpolicyprofileonspecific

ingressport(s).Rulewouldnotbeuseduntilpolicyisassignedtothe

specifiedport(s)usingthesetpolicyportcommand

asdescribedin“set

policyport”onpage 10‐14.

profile‐index Specifiesapolicyprofilenumbertowhichthisrulewillbeassigned.

Policyprofilesareconfiguredwiththesetpolicyprofilecommandas

describedin“setpolicyprofile”onpage 10‐3.Validprofile‐indexvalues

are1‐255.

ether ClassifiesbasedontypefieldinEthernetIIpacket.

ipproto

ClassifiesbasedonProtocolfieldinIPpacket.

Main Page

Enterasys SecureStack B3

Table of Contents

Related product manuals