Creating Classifier Control Lists ! 15
Chapter 2: Creating Policies
! Use the color keyword to match on one of the following:
! green—Matches packets with color green, indicating a low drop preference
! yellow—Matches packets with color yellow, indicating a medium drop
preference
! red—Matches packets with color red, indicating a high drop preference
! user-packet-class—Matches packets with the specified user packet class
value
! Use the no version to remove the classifier control list.
Examples: IP CLACLs ! Example 1—To set up a CLACL to accept IP traffic from all source addresses on
the subnet of XYZ Corp:
host1(config)#ip classifier-list XYZCorpPermit ip 192.168.0.0 0.0.255.255 any
! Example 2—To create a CLACL that filters all ICMP echo requests headed
toward an access link for XYZ Corp under a denial-of-service attack:
host1(config)#ip classifier-list XYZCorpIcmpEchoReqs icmp any any 8 0
! Example 3—To create a CLACL that matches all IGMP type 1 packets:
host1(config)#ip classifier-list XYZCorpIgmpType1 igmp any any 1
! Example 4—To create a CLACL that matches all traffic on UDP source ports
greater than 100:
host1(config)#ip classifier-list XYZCorpUdp udp any gt 100 172.17.2.1
0.0.255.255
ipv6 classifier-list
! Use to create or modify an IPv6 classifier control list.
! Use the following keywords to configure the list:
! traffic-class—Matches packets with a traffic class that you defined using
the traffic-class command
! color
" green—Matches packets with color green, indicating a low drop
preference
" yellow—Matches packets with color yellow, indicating a medium drop
preference
" red—Matches packets with color red, indicating a high drop preference
! user-packet-class—Matches packets with the specified user packet class
value
NOTE: Do not use the asterisk (*) for the name of a classifier list. The asterisk is
used as a wildcard for the classifier-group command.
To Next Page
Loading...
