set policy rule

Usage

An admin rule can be used to map incoming tagged frames to a policy role (profile). There can be only one admin rule configured per system (stack). Typically, this rule is used to implement the “User + IP phone” legacy feature. Refer to “Configuring User + IP Phone Authentication” on page 26‐48 for more information. You would configure a policy profile/role for IP phones (for example, assigning the traffic to a “voice” VLAN), then associate that policy profile with the admin rule, and associate the admin rule with the desired ports. Users authenticating over the same port will typically use a dynamically assigned policy role.

A policy classification rule has two main parts: Traffic Description and Actions. The Traffic Description identifies the type of traffic to which the rule will pertain. Actions specify whether that traffic will be assigned class of service, assigned to a VLAN, or both.

Table 11‐3 provides the set policy rule data values that can be entered for a particular parameter, and the mask bits that can be entered for each classifier associated with that parameter.

Table 11-3 Valid Values for Policy Classification Rules

| Classification Rule Parameter | data value | mask bits |
|---|---|---|
| ether | Type field in Ethernet II packet: 1536 - 65535 or 0x600 - 0xFFFF | Not applicable. |
| ipproto | Protocol field in IP packet: 0 - 255 or 0 - 0xFF | Not applicable. |
| Destination or Source IP Address: ipdestsocket, ipsourcesocket | IP Address in dotted decimal format: 000.000.000.000 and (Optional) post-fixed port: 0 - 65535 | 1 - 48 |
| iptos | Type of Service field in IP packet: 0 - 252 or 0 - 0xFC | Not applicable. |
| Destination or Source MAC: macdest, macsource | MAC Address: 00-00-00-00-00-00 | 1 - 48 |
| Destination or Source TCP port: tcpdestport, tcpsourceport | TCP Port Number: 0 - 65535 or 0 - 0xFFFF | 1 - 16 |
| Destination or Source UDP port: udpsourceport, udpdestport | UDP Port Number: 0 - 65535 or 0 - 0xFFFF | 1 - 16 |
| vlantag | VLAN tag: 1 - 4094 | Not applicable. |

Examples

This example shows how to use Table 11‐3 to assign a rule to policy profile 3 that will filter Ethernet II Type 1526 frames to VLAN 7:

C3(su)->set policy rule 3 ether 1526 vlan 7

This example shows how to use Table 11‐3 to assign a rule to policy profile 5 that will forward UDP packets from source port 45:

C3(su)->set policy rule 5 udpsourceport 45 forward
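A check of classifier keywords, data values and mask bits against Table 11-3 before rules are pushed to a switch, given here as an added example that is not part of the Enterasys manual. The names `check_rule` and `TABLE_11_3` are hypothetical, and the `:` separator for the optional post-fixed socket port is an assumption the table does not spell out.

```python
import ipaddress
import re

# Table 11-3: classifier -> (data kind, data range, mask-bit range or None
# where the table says "Not applicable").
PORT, MASK16, MASK48 = (0, 0xFFFF), (1, 16), (1, 48)
TABLE_11_3 = {
    "ether": ("int", (0x600, 0xFFFF), None),
    "ipproto": ("int", (0, 0xFF), None),
    "iptos": ("int", (0, 0xFC), None),
    "vlantag": ("int", (1, 4094), None),
    "tcpdestport": ("int", PORT, MASK16),
    "tcpsourceport": ("int", PORT, MASK16),
    "udpdestport": ("int", PORT, MASK16),
    "udpsourceport": ("int", PORT, MASK16),
    "macdest": ("mac", None, MASK48),
    "macsource": ("mac", None, MASK48),
    "ipdestsocket": ("socket", PORT, MASK48),
    "ipsourcesocket": ("socket", PORT, MASK48),
}
MAC_RE = re.compile(r"([0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2}")

def check_rule(classifier, data, mask_bits=None):
    """Return a list of problems; empty when the values fit Table 11-3."""
    if classifier not in TABLE_11_3:
        return [f"unknown classifier {classifier!r}"]
    kind, rng, mask_rng = TABLE_11_3[classifier]
    problems = []
    try:
        if kind == "mac":
            if not MAC_RE.fullmatch(data):
                raise ValueError("expected 00-00-00-00-00-00 form")
        else:
            if kind == "socket":
                # Assumption: the optional port is post-fixed with ':'.
                addr, _, data = data.partition(":")
                ipaddress.IPv4Address(addr)
            if data or kind == "int":  # the port part of a socket is optional
                value = int(data, 0)  # decimal or 0x-prefixed hex
                if not rng[0] <= value <= rng[1]:
                    raise ValueError(f"{value} outside {rng[0]} - {rng[1]}")
    except ValueError as exc:
        problems.append(f"{classifier} data: {exc}")
    if mask_bits is not None and (
            mask_rng is None or not mask_rng[0] <= mask_bits <= mask_rng[1]):
        problems.append(f"{classifier} mask bits: {mask_bits} not allowed")
    return problems
```

`check_rule("ether", "1526")` returns a problem because 1526 is below the table's minimum of 1536 (0x600), while `check_rule("ether", "0x800")` returns an empty list.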

11-12 Policy Classification Configuration

Enterasys Networks 9034313-07 manual Valid Values for Policy Classification Rules, Data value Mask bits