JUNOSe 7.2.x Policy Management Configuration Guide
16 ! Creating Classifier Control Lists
! Use the protocol option to match a specific protocol number and specify
protocol attributes:
! icmpv6—ICMP type and code
! tcp—TCP protocol attributes, such as source and destination port, and
source and destination TCP operator and port
! udp—UDP protocol attributes, such as source and destination port
! For TCP and UDP, use the portQualifier option to specify a single port or a range
of source or destination ports. The portQualifier option is composed of:
! portNumber—Single port number or the beginning of a range of port
numbers
! toPortNumber—End of a range of port numbers
! portOperator—One of the following:
" eq—equal to
" lt—less than
" gt—greater than
" neq—not equal to
" range—range of ports
For example, the following command matches packets from port 75:
host1(config)#ipv6 classifier-list YourListName udp destination-port eq 75
! For TCP, use the tcp-flags keyword and a logical equation (a quotation-enclosed
string using ! for NOT, & for AND) to match one or more of the following TCP
flags: ack, fin, psh, rst, syn, urg. For example:
host1(config)#ipv6 classifier-list telnetConnects tcp destination-port eq 23
tcp-flags "syn & !ack"
! For ICMPv6, use the icmp-type option to specify the icmpType and icmpCode
parameters:
! icmpType—ICMP message type; in the range 0–255
! icmpCode—ICMP message code; in the range 0–255
For example, the following command matches ICMPv6 packets with an ICMP
type of 3 and code of 6:
host1(config)#ipv6 classifier-list listname icmpv6 icmp-type 3 icmp-code 6
! Use the following keywords to configure classification to match route-class
values:
! source-route-class—Classifies on packets associated with a route class
based on the packet’s source address; route-class range is 0–255; default is
0.
! destination-route-class—Classifies on incoming packets associated with a
route class based on the packet’s destination address; route-class range is
0–255; default is 0.
To Next Page
Loading...
