Note: In essence, this the “free form” version of the IP DSCP/Precedence/TOS match specification in that the user has complete control of specifying which bits of the IP Service Type field are checked.

Default

None

Command Mode

Class-Map Config

5.12.2.12match protocol

This command adds to the specified class definition a match condition based on the value of the IP Protocol field in a packet using a single keyword notation or a numeric value notation.

Syntax

match protocol {<protocol-name> <0-255>}

<protocol-name>is one of the supported protocol name keywords. The currently supported values are: icmp, igmp, ip, tcp, udp. Note that a value of ip is interpreted to match all protocol number values. To specify the match condition using a numeric value notation, the protocol number is a standard value assigned by IANA and is interpreted as an integer from 0 to 255.

Note: This command does not validate the protocol number value against the current list defined by IANA.

Default

None

Command Mode

Class-Map Config

5.12.2.13match srcip

This command adds to the specified class definition a match condition based on the source IP address of a packet.

Syntax

match srcip <ipaddr> <ipmask>

263

Page 262 Page 264
Page 263
Image 263
Fortinet MR1 manual Syntax Match protocol protocol-name, Syntax Match srcip ipaddr ipmask
Page 262 Page 264
Top Page Image Contents