Specifications
Differentiated Services Configuration Command Set
Creating Diffserv Classes and Matching Conditions
SecureStack A2 Configuration Guide 7-9
Class matches of layer 4 destination or source must be sequenced before the corresponding protocol
match, as illustrated in the third example below.
You can only add classes of the same category to a policy.
set diffserv class match {[every classname] [dstmac | scrmac classname
macaddr macmask] [dstip | srcip classname ipaddr ipmask] [dstl4port |
srcl4port{keyword classname keyword | number classname portnumber}]
[ipdscp classname dscpval] [ipprecedence classname precedencenumber] [iptos
classname tosbits tosmask] [protocol {keyword classname protocol-name |
number classname protocol-number}] [refclass {add | remove}{classname
refclassname}] [vlan classname vlanid]}
Syntax Description
every classname Matches all packets to a specific class.
dstmac | scrmac
classname
macaddr macmask
Matches to a specific class based on destination or source
MAC address.
dstip | srcip
classname ipaddr
ipmask
Matches to a specific class based on destination or source
IP address.
dstl4port |
srcl4port
keyword
classname keyword
| number
classname
portnumber
Matches to a specific class based on destination or source
layer 4 port number or keyword. Valid keyword values are:
• domain
• echo
• ftp
• ftpdata
• http
• smtp
• snmp
• telnet
• tftp
• www
Valid portnumber values are 0 - 65535.
ipdscp classname
dscpval
Matches to a specific class based on the value of the IP
Diffserv Code Point. Valid numeric or keyword values can
be entered as listed in Table 7-1 on page 7-10.