Selector
The following scenario shows how to configure different traffic selector rules. Selectors can be used to restrict the traffic affected by other features (like NAT, Netflow, traffic policies, etc).
Test Traffic Selector Rules
Description
This scenario demonstrates how to use traffic selector rules that can be configured as filters to match the desired traffic.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 100.0.0.1/24 set interfaces ethernet eth0 address '2001:d00::1/24' set interfaces ethernet eth0 traffic policy in ACCESS_LIST set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set traffic policy ACCESS_LIST rule 1 action accept set traffic policy ACCESS_LIST rule 1 selector SELECTOR set traffic policy ACCESS_LIST rule 2 action drop set traffic selector SELECTOR rule 1
Step 2: Ping IP address 100.0.0.1 from DUT1:
admin@DUT1$ ping 100.0.0.1 tos 32 ttl 32 count 1 size 56 timeout 1Show output
PING 100.0.0.1 (100.0.0.1) 56(84) bytes of data. 64 bytes from 100.0.0.1: icmp_seq=1 ttl=64 time=0.223 ms --- 100.0.0.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.223/0.223/0.223/0.000 ms
Step 3: Run command traffic selector show at DUT0 and check if output matches the following regular expressions:
Total\s+(?!0)\d+\s+(?!0)\d+Show output
Selector SELECTOR (Policy ACCESS_LIST -- ifc eth0 -- hook in prio very-high -- rule 1) ----------------------------------------------------- rule pkts match pkts eval bytes match bytes eval ----------------------------------------------------- 1 1 1 84 84 ----------------------------------------------------- Total 1 1 84 84
Example 2
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 100.0.0.1/24 set interfaces ethernet eth0 address '2001:d00::1/24' set interfaces ethernet eth0 traffic policy in ACCESS_LIST set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set traffic policy ACCESS_LIST rule 1 action accept set traffic policy ACCESS_LIST rule 1 selector SELECTOR set traffic policy ACCESS_LIST rule 2 action drop set traffic selector SELECTOR rule 1 exclude set traffic selector SELECTOR rule 1 not protocol icmp set traffic selector SELECTOR rule 2 destination address 100.0.0.1 set traffic selector SELECTOR rule 3 source address 100.0.0.2
Step 2: Ping IP address 100.0.0.1 from DUT1:
admin@DUT1$ ping 100.0.0.1 tos 32 ttl 32 count 1 size 56 timeout 1Show output
PING 100.0.0.1 (100.0.0.1) 56(84) bytes of data. 64 bytes from 100.0.0.1: icmp_seq=1 ttl=64 time=0.416 ms --- 100.0.0.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.416/0.416/0.416/0.000 ms
Step 3: Run command traffic selector show at DUT0 and check if output matches the following regular expressions:
Total\s+(?!0)\d+\s+(?!0)\d+Show output
Selector SELECTOR (Policy ACCESS_LIST -- ifc eth0 -- hook in prio very-high -- rule 1) --------------------------------------------------------- rule pkts match pkts eval bytes match bytes eval --------------------------------------------------------- 1 (excl.) 0 1 0 84 2 1 1 84 84 3 0 0 0 0 --------------------------------------------------------- Total 1 1 84 84
Example 3
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 100.0.0.1/24 set interfaces ethernet eth0 address '2001:d00::1/24' set interfaces ethernet eth0 traffic policy in ACCESS_LIST set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set traffic policy ACCESS_LIST rule 1 action accept set traffic policy ACCESS_LIST rule 1 selector SELECTOR set traffic policy ACCESS_LIST rule 2 action drop set traffic selector SELECTOR rule 1 destination address 100.0.0.1
Step 2: Ping IP address 100.0.0.1 from DUT1:
admin@DUT1$ ping 100.0.0.1 tos 32 ttl 32 count 1 size 56 timeout 1Show output
PING 100.0.0.1 (100.0.0.1) 56(84) bytes of data. 64 bytes from 100.0.0.1: icmp_seq=1 ttl=64 time=0.271 ms --- 100.0.0.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.271/0.271/0.271/0.000 ms
Step 3: Run command traffic selector show at DUT0 and check if output matches the following regular expressions:
Total\s+(?!0)\d+\s+(?!0)\d+Show output
Selector SELECTOR (Policy ACCESS_LIST -- ifc eth0 -- hook in prio very-high -- rule 1) ----------------------------------------------------- rule pkts match pkts eval bytes match bytes eval ----------------------------------------------------- 1 1 1 84 84 ----------------------------------------------------- Total 1 1 84 84
Example 4
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 100.0.0.1/24 set interfaces ethernet eth0 address '2001:d00::1/24' set interfaces ethernet eth0 traffic policy in ACCESS_LIST set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set traffic policy ACCESS_LIST rule 1 action accept set traffic policy ACCESS_LIST rule 1 selector SELECTOR set traffic policy ACCESS_LIST rule 2 action drop set traffic selector SELECTOR rule 1 dscp 8
Step 2: Ping IP address 100.0.0.1 from DUT1:
admin@DUT1$ ping 100.0.0.1 tos 32 ttl 32 count 1 size 56 timeout 1Show output
PING 100.0.0.1 (100.0.0.1) 56(84) bytes of data. 64 bytes from 100.0.0.1: icmp_seq=1 ttl=64 time=0.368 ms --- 100.0.0.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.368/0.368/0.368/0.000 ms
Step 3: Run command traffic selector show at DUT0 and check if output matches the following regular expressions:
Total\s+(?!0)\d+\s+(?!0)\d+Show output
Selector SELECTOR (Policy ACCESS_LIST -- ifc eth0 -- hook in prio very-high -- rule 1) ----------------------------------------------------- rule pkts match pkts eval bytes match bytes eval ----------------------------------------------------- 1 1 1 84 84 ----------------------------------------------------- Total 1 1 84 84
Example 5
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 100.0.0.1/24 set interfaces ethernet eth0 address '2001:d00::1/24' set interfaces ethernet eth0 traffic policy in ACCESS_LIST set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set traffic policy ACCESS_LIST rule 1 action accept set traffic policy ACCESS_LIST rule 1 selector SELECTOR set traffic policy ACCESS_LIST rule 2 action drop set traffic selector SELECTOR rule 1 icmp-type echo-reply,echo-request
Step 2: Ping IP address 100.0.0.1 from DUT1:
admin@DUT1$ ping 100.0.0.1 tos 32 ttl 32 count 1 size 56 timeout 1Show output
PING 100.0.0.1 (100.0.0.1) 56(84) bytes of data. 64 bytes from 100.0.0.1: icmp_seq=1 ttl=64 time=0.251 ms --- 100.0.0.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.251/0.251/0.251/0.000 ms
Step 3: Run command traffic selector show at DUT0 and check if output matches the following regular expressions:
Total\s+(?!0)\d+\s+(?!0)\d+Show output
Selector SELECTOR (Policy ACCESS_LIST -- ifc eth0 -- hook in prio very-high -- rule 1) ----------------------------------------------------- rule pkts match pkts eval bytes match bytes eval ----------------------------------------------------- 1 1 1 84 84 ----------------------------------------------------- Total 1 1 84 84
Example 6
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 100.0.0.1/24 set interfaces ethernet eth0 address '2001:d00::1/24' set interfaces ethernet eth0 traffic policy in ACCESS_LIST set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set traffic policy ACCESS_LIST rule 1 action accept set traffic policy ACCESS_LIST rule 1 selector SELECTOR set traffic policy ACCESS_LIST rule 2 action drop set traffic selector SELECTOR rule 1 not ip-option lsrr
Step 2: Ping IP address 100.0.0.1 from DUT1:
admin@DUT1$ ping 100.0.0.1 tos 32 ttl 32 count 1 size 56 timeout 1Show output
PING 100.0.0.1 (100.0.0.1) 56(84) bytes of data. 64 bytes from 100.0.0.1: icmp_seq=1 ttl=64 time=0.246 ms --- 100.0.0.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.246/0.246/0.246/0.000 ms
Step 3: Run command traffic selector show at DUT0 and check if output matches the following regular expressions:
Total\s+(?!0)\d+\s+(?!0)\d+Show output
Selector SELECTOR (Policy ACCESS_LIST -- ifc eth0 -- hook in prio very-high -- rule 1) ----------------------------------------------------- rule pkts match pkts eval bytes match bytes eval ----------------------------------------------------- 1 1 1 84 84 ----------------------------------------------------- Total 1 1 84 84
Example 7
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 100.0.0.1/24 set interfaces ethernet eth0 address '2001:d00::1/24' set interfaces ethernet eth0 traffic policy in ACCESS_LIST set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set traffic policy ACCESS_LIST rule 1 action accept set traffic policy ACCESS_LIST rule 1 selector SELECTOR set traffic policy ACCESS_LIST rule 2 action drop set traffic selector SELECTOR rule 1 in-interface eth0
Step 2: Ping IP address 100.0.0.1 from DUT1:
admin@DUT1$ ping 100.0.0.1 tos 32 ttl 32 count 1 size 56 timeout 1Show output
PING 100.0.0.1 (100.0.0.1) 56(84) bytes of data. 64 bytes from 100.0.0.1: icmp_seq=1 ttl=64 time=0.309 ms --- 100.0.0.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.309/0.309/0.309/0.000 ms
Step 3: Run command traffic selector show at DUT0 and check if output matches the following regular expressions:
Total\s+(?!0)\d+\s+(?!0)\d+Show output
Selector SELECTOR (Policy ACCESS_LIST -- ifc eth0 -- hook in prio very-high -- rule 1) ----------------------------------------------------- rule pkts match pkts eval bytes match bytes eval ----------------------------------------------------- 1 1 1 84 84 ----------------------------------------------------- Total 1 1 84 84
Example 8
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 100.0.0.1/24 set interfaces ethernet eth0 address '2001:d00::1/24' set interfaces ethernet eth0 traffic policy in ACCESS_LIST set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set traffic policy ACCESS_LIST rule 1 action accept set traffic policy ACCESS_LIST rule 1 selector SELECTOR set traffic policy ACCESS_LIST rule 2 action drop set traffic selector SELECTOR rule 1 length min 32
Step 2: Ping IP address 100.0.0.1 from DUT1:
admin@DUT1$ ping 100.0.0.1 tos 32 ttl 32 count 1 size 56 timeout 1Show output
PING 100.0.0.1 (100.0.0.1) 56(84) bytes of data. 64 bytes from 100.0.0.1: icmp_seq=1 ttl=64 time=0.311 ms --- 100.0.0.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.311/0.311/0.311/0.000 ms
Step 3: Run command traffic selector show at DUT0 and check if output matches the following regular expressions:
Total\s+(?!0)\d+\s+(?!0)\d+Show output
Selector SELECTOR (Policy ACCESS_LIST -- ifc eth0 -- hook in prio very-high -- rule 1) ----------------------------------------------------- rule pkts match pkts eval bytes match bytes eval ----------------------------------------------------- 1 1 1 84 84 ----------------------------------------------------- Total 1 1 84 84
Example 9
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 100.0.0.1/24 set interfaces ethernet eth0 address '2001:d00::1/24' set interfaces ethernet eth0 traffic policy in ACCESS_LIST set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set traffic policy ACCESS_LIST rule 1 action accept set traffic policy ACCESS_LIST rule 1 selector SELECTOR set traffic policy ACCESS_LIST rule 2 action drop set traffic selector SELECTOR rule 1 not out-interface eth0
Step 2: Ping IP address 100.0.0.1 from DUT1:
admin@DUT1$ ping 100.0.0.1 tos 32 ttl 32 count 1 size 56 timeout 1Show output
PING 100.0.0.1 (100.0.0.1) 56(84) bytes of data. 64 bytes from 100.0.0.1: icmp_seq=1 ttl=64 time=0.273 ms --- 100.0.0.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.273/0.273/0.273/0.000 ms
Step 3: Run command traffic selector show at DUT0 and check if output matches the following regular expressions:
Total\s+(?!0)\d+\s+(?!0)\d+Show output
Selector SELECTOR (Policy ACCESS_LIST -- ifc eth0 -- hook in prio very-high -- rule 1) ----------------------------------------------------- rule pkts match pkts eval bytes match bytes eval ----------------------------------------------------- 1 1 1 84 84 ----------------------------------------------------- Total 1 1 84 84
Example 10
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 100.0.0.1/24 set interfaces ethernet eth0 address '2001:d00::1/24' set interfaces ethernet eth0 traffic policy in ACCESS_LIST set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set traffic policy ACCESS_LIST rule 1 action accept set traffic policy ACCESS_LIST rule 1 selector SELECTOR set traffic policy ACCESS_LIST rule 2 action drop set traffic selector SELECTOR rule 1 pkt-type unicast
Step 2: Ping IP address 100.0.0.1 from DUT1:
admin@DUT1$ ping 100.0.0.1 tos 32 ttl 32 count 1 size 56 timeout 1Show output
PING 100.0.0.1 (100.0.0.1) 56(84) bytes of data. 64 bytes from 100.0.0.1: icmp_seq=1 ttl=64 time=0.222 ms --- 100.0.0.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.222/0.222/0.222/0.000 ms
Step 3: Run command traffic selector show at DUT0 and check if output matches the following regular expressions:
Total\s+(?!0)\d+\s+(?!0)\d+Show output
Selector SELECTOR (Policy ACCESS_LIST -- ifc eth0 -- hook in prio very-high -- rule 1) ----------------------------------------------------- rule pkts match pkts eval bytes match bytes eval ----------------------------------------------------- 1 1 1 84 84 ----------------------------------------------------- Total 1 1 84 84
Example 11
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 100.0.0.1/24 set interfaces ethernet eth0 address '2001:d00::1/24' set interfaces ethernet eth0 traffic policy in ACCESS_LIST set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set traffic policy ACCESS_LIST rule 1 action accept set traffic policy ACCESS_LIST rule 1 selector SELECTOR set traffic policy ACCESS_LIST rule 2 action drop set traffic selector SELECTOR rule 1 protocol icmp
Step 2: Ping IP address 100.0.0.1 from DUT1:
admin@DUT1$ ping 100.0.0.1 tos 32 ttl 32 count 1 size 56 timeout 1Show output
PING 100.0.0.1 (100.0.0.1) 56(84) bytes of data. 64 bytes from 100.0.0.1: icmp_seq=1 ttl=64 time=0.242 ms --- 100.0.0.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.242/0.242/0.242/0.000 ms
Step 3: Run command traffic selector show at DUT0 and check if output matches the following regular expressions:
Total\s+(?!0)\d+\s+(?!0)\d+Show output
Selector SELECTOR (Policy ACCESS_LIST -- ifc eth0 -- hook in prio very-high -- rule 1) ----------------------------------------------------- rule pkts match pkts eval bytes match bytes eval ----------------------------------------------------- 1 1 1 84 84 ----------------------------------------------------- Total 1 1 84 84
Example 12
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 100.0.0.1/24 set interfaces ethernet eth0 address '2001:d00::1/24' set interfaces ethernet eth0 traffic policy in ACCESS_LIST set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set traffic policy ACCESS_LIST rule 1 action accept set traffic policy ACCESS_LIST rule 1 selector SELECTOR set traffic policy ACCESS_LIST rule 2 action drop set traffic selector SELECTOR rule 1 source address 100.0.0.2
Step 2: Ping IP address 100.0.0.1 from DUT1:
admin@DUT1$ ping 100.0.0.1 tos 32 ttl 32 count 1 size 56 timeout 1Show output
PING 100.0.0.1 (100.0.0.1) 56(84) bytes of data. 64 bytes from 100.0.0.1: icmp_seq=1 ttl=64 time=0.410 ms --- 100.0.0.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.410/0.410/0.410/0.000 ms
Step 3: Run command traffic selector show at DUT0 and check if output matches the following regular expressions:
Total\s+(?!0)\d+\s+(?!0)\d+Show output
Selector SELECTOR (Policy ACCESS_LIST -- ifc eth0 -- hook in prio very-high -- rule 1) ----------------------------------------------------- rule pkts match pkts eval bytes match bytes eval ----------------------------------------------------- 1 1 1 84 84 ----------------------------------------------------- Total 1 1 84 84
Example 13
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 100.0.0.1/24 set interfaces ethernet eth0 address '2001:d00::1/24' set interfaces ethernet eth0 traffic policy in ACCESS_LIST set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set traffic policy ACCESS_LIST rule 1 action accept set traffic policy ACCESS_LIST rule 1 selector SELECTOR set traffic policy ACCESS_LIST rule 2 action drop set traffic selector SELECTOR rule 1 state established,new
Step 2: Ping IP address 100.0.0.1 from DUT1:
admin@DUT1$ ping 100.0.0.1 tos 32 ttl 32 count 1 size 56 timeout 1Show output
PING 100.0.0.1 (100.0.0.1) 56(84) bytes of data. 64 bytes from 100.0.0.1: icmp_seq=1 ttl=64 time=0.343 ms --- 100.0.0.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.343/0.343/0.343/0.000 ms
Step 3: Run command traffic selector show at DUT0 and check if output matches the following regular expressions:
Total\s+(?!0)\d+\s+(?!0)\d+Show output
Selector SELECTOR (Policy ACCESS_LIST -- ifc eth0 -- hook in prio very-high -- rule 1) ----------------------------------------------------- rule pkts match pkts eval bytes match bytes eval ----------------------------------------------------- 1 1 1 84 84 ----------------------------------------------------- Total 1 1 84 84
Example 14
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 100.0.0.1/24 set interfaces ethernet eth0 address '2001:d00::1/24' set interfaces ethernet eth0 traffic policy in ACCESS_LIST set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set traffic policy ACCESS_LIST rule 1 action accept set traffic policy ACCESS_LIST rule 1 selector SELECTOR set traffic policy ACCESS_LIST rule 2 action drop set traffic selector SELECTOR rule 1 ttl equal 32
Step 2: Ping IP address 100.0.0.1 from DUT1:
admin@DUT1$ ping 100.0.0.1 tos 32 ttl 32 count 1 size 56 timeout 1Show output
PING 100.0.0.1 (100.0.0.1) 56(84) bytes of data. 64 bytes from 100.0.0.1: icmp_seq=1 ttl=64 time=0.478 ms --- 100.0.0.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.478/0.478/0.478/0.000 ms
Step 3: Run command traffic selector show at DUT0 and check if output matches the following regular expressions:
Total\s+(?!0)\d+\s+(?!0)\d+Show output
Selector SELECTOR (Policy ACCESS_LIST -- ifc eth0 -- hook in prio very-high -- rule 1) ----------------------------------------------------- rule pkts match pkts eval bytes match bytes eval ----------------------------------------------------- 1 1 1 84 84 ----------------------------------------------------- Total 1 1 84 84
Example 15
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 100.0.0.1/24 set interfaces ethernet eth0 address '2001:d00::1/24' set interfaces ethernet eth0 traffic policy in ACCESS_LIST set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set traffic policy ACCESS_LIST rule 1 action accept set traffic policy ACCESS_LIST rule 1 selector SELECTOR set traffic policy ACCESS_LIST rule 2 action drop set traffic selector SELECTOR rule 1 ttl greater-than 16 set traffic selector SELECTOR rule 1 ttl less-than 64
Step 2: Ping IP address 100.0.0.1 from DUT1:
admin@DUT1$ ping 100.0.0.1 tos 32 ttl 32 count 1 size 56 timeout 1Show output
PING 100.0.0.1 (100.0.0.1) 56(84) bytes of data. 64 bytes from 100.0.0.1: icmp_seq=1 ttl=64 time=0.438 ms --- 100.0.0.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.438/0.438/0.438/0.000 ms
Step 3: Run command traffic selector show at DUT0 and check if output matches the following regular expressions:
Total\s+(?!0)\d+\s+(?!0)\d+Show output
Selector SELECTOR (Policy ACCESS_LIST -- ifc eth0 -- hook in prio very-high -- rule 1) ----------------------------------------------------- rule pkts match pkts eval bytes match bytes eval ----------------------------------------------------- 1 1 1 84 84 ----------------------------------------------------- Total 1 1 84 84
Example 16
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 100.0.0.1/24 set interfaces ethernet eth0 address '2001:d00::1/24' set interfaces ethernet eth0 traffic policy in ACCESS_LIST set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set traffic policy ACCESS_LIST rule 1 action accept set traffic policy ACCESS_LIST rule 1 selector SELECTOR set traffic policy ACCESS_LIST rule 2 action drop set traffic selector SELECTOR rule 1 not destination mac-address '00:00:12:34:56:78'
Step 2: Ping IP address 100.0.0.1 from DUT1:
admin@DUT1$ ping 100.0.0.1 tos 32 ttl 32 count 1 size 56 timeout 1Show output
PING 100.0.0.1 (100.0.0.1) 56(84) bytes of data. 64 bytes from 100.0.0.1: icmp_seq=1 ttl=64 time=0.325 ms --- 100.0.0.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.325/0.325/0.325/0.000 ms
Step 3: Run command traffic selector show at DUT0 and check if output matches the following regular expressions:
Total\s+(?!0)\d+\s+(?!0)\d+Show output
Selector SELECTOR (Policy ACCESS_LIST -- ifc eth0 -- hook in prio very-high -- rule 1) ----------------------------------------------------- rule pkts match pkts eval bytes match bytes eval ----------------------------------------------------- 1 1 1 84 84 ----------------------------------------------------- Total 1 1 84 84
Example 17
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 100.0.0.1/24 set interfaces ethernet eth0 address '2001:d00::1/24' set interfaces ethernet eth0 traffic policy in ACCESS_LIST set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set traffic policy ACCESS_LIST rule 1 action accept set traffic policy ACCESS_LIST rule 1 selector SELECTOR set traffic policy ACCESS_LIST rule 2 action drop set traffic selector SELECTOR rule 1 source mac-address 'DE:AD:BE:EF:6C:00-DE:AD:BE:EF:6C:FF'
Step 2: Ping IP address 100.0.0.1 from DUT1:
admin@DUT1$ ping 100.0.0.1 tos 32 ttl 32 count 1 size 56 timeout 1Show output
PING 100.0.0.1 (100.0.0.1) 56(84) bytes of data. 64 bytes from 100.0.0.1: icmp_seq=1 ttl=64 time=0.557 ms --- 100.0.0.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.557/0.557/0.557/0.000 ms
Step 3: Run command traffic selector show at DUT0 and check if output matches the following regular expressions:
Total\s+(?!0)\d+\s+(?!0)\d+Show output
Selector SELECTOR (Policy ACCESS_LIST -- ifc eth0 -- hook in prio very-high -- rule 1) ----------------------------------------------------- rule pkts match pkts eval bytes match bytes eval ----------------------------------------------------- 1 1 1 84 84 ----------------------------------------------------- Total 1 1 84 84
Example 18
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 100.0.0.1/24 set interfaces ethernet eth0 address '2001:d00::1/24' set interfaces ethernet eth0 traffic policy in ACCESS_LIST set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set traffic policy ACCESS_LIST rule 1 action accept set traffic policy ACCESS_LIST rule 1 selector SELECTOR set traffic policy ACCESS_LIST rule 2 action drop set traffic selector SELECTOR rule 1 ether-type ip,ip6
Step 2: Ping IP address 100.0.0.1 from DUT1:
admin@DUT1$ ping 100.0.0.1 tos 32 ttl 32 count 1 size 56 timeout 1Show output
PING 100.0.0.1 (100.0.0.1) 56(84) bytes of data. 64 bytes from 100.0.0.1: icmp_seq=1 ttl=64 time=0.387 ms --- 100.0.0.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.387/0.387/0.387/0.000 ms
Step 3: Run command traffic selector show at DUT0 and check if output matches the following regular expressions:
Total\s+(?!0)\d+\s+(?!0)\d+Show output
Selector SELECTOR (Policy ACCESS_LIST -- ifc eth0 -- hook in prio very-high -- rule 1) ----------------------------------------------------- rule pkts match pkts eval bytes match bytes eval ----------------------------------------------------- 1 1 1 84 84 ----------------------------------------------------- Total 1 1 84 84
Example 19
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 100.0.0.1/24 set interfaces ethernet eth0 address '2001:d00::1/24' set interfaces ethernet eth0 traffic policy in ACCESS_LIST set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set traffic policy ACCESS_LIST rule 1 action accept set traffic policy ACCESS_LIST rule 1 selector SELECTOR set traffic policy ACCESS_LIST rule 2 action drop set traffic selector SELECTOR rule 1 header-length min 4
Step 2: Ping IP address 100.0.0.1 from DUT1:
admin@DUT1$ ping 100.0.0.1 tos 32 ttl 32 count 1 size 56 timeout 1Show output
PING 100.0.0.1 (100.0.0.1) 56(84) bytes of data. 64 bytes from 100.0.0.1: icmp_seq=1 ttl=64 time=0.454 ms --- 100.0.0.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.454/0.454/0.454/0.000 ms
Step 3: Run command traffic selector show at DUT0 and check if output matches the following regular expressions:
Total\s+(?!0)\d+\s+(?!0)\d+Show output
Selector SELECTOR (Policy ACCESS_LIST -- ifc eth0 -- hook in prio very-high -- rule 1) ----------------------------------------------------- rule pkts match pkts eval bytes match bytes eval ----------------------------------------------------- 1 1 1 84 84 ----------------------------------------------------- Total 1 1 84 84
Example 20
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 100.0.0.1/24 set interfaces ethernet eth0 address '2001:d00::1/24' set interfaces ethernet eth0 traffic policy in ACCESS_LIST set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set traffic policy ACCESS_LIST rule 1 action accept set traffic policy ACCESS_LIST rule 1 selector SELECTOR set traffic policy ACCESS_LIST rule 2 action drop set traffic selector SELECTOR rule 1 destination port 8080 set traffic selector SELECTOR rule 1 protocol tcp
Step 2: Initiate a tcp connection from DUT1 to DUT0 and try to send some messages between both endpoints
admin@DUT0$ monitor test connection server 8080 tcp admin@DUT1$ monitor test connection client 100.0.0.1 8080 tcp
Step 3: Run command traffic selector show at DUT0 and check if output matches the following regular expressions:
Total\s+(?!0)\d+\s+(?!0)\d+Show output
Selector SELECTOR (Policy ACCESS_LIST -- ifc eth0 -- hook in prio very-high -- rule 1) ----------------------------------------------------- rule pkts match pkts eval bytes match bytes eval ----------------------------------------------------- 1 14 14 836 836 ----------------------------------------------------- Total 14 14 836 836
Example 21
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 100.0.0.1/24 set interfaces ethernet eth0 address '2001:d00::1/24' set interfaces ethernet eth0 traffic policy in ACCESS_LIST set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set traffic policy ACCESS_LIST rule 1 action accept set traffic policy ACCESS_LIST rule 1 selector SELECTOR set traffic policy ACCESS_LIST rule 2 action drop set traffic selector SELECTOR rule 1 not source port 8080 set traffic selector SELECTOR rule 1 protocol tcp
Step 2: Initiate a tcp connection from DUT1 to DUT0 and try to send some messages between both endpoints
admin@DUT0$ monitor test connection server 8080 tcp admin@DUT1$ monitor test connection client 100.0.0.1 8080 tcp
Step 3: Run command traffic selector show at DUT0 and check if output matches the following regular expressions:
Total\s+(?!0)\d+\s+(?!0)\d+Show output
Selector SELECTOR (Policy ACCESS_LIST -- ifc eth0 -- hook in prio very-high -- rule 1) ----------------------------------------------------- rule pkts match pkts eval bytes match bytes eval ----------------------------------------------------- 1 14 14 836 836 ----------------------------------------------------- Total 14 14 836 836
Example 22
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 100.0.0.1/24 set interfaces ethernet eth0 address '2001:d00::1/24' set interfaces ethernet eth0 traffic policy in ACCESS_LIST set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set traffic policy ACCESS_LIST rule 1 action accept set traffic policy ACCESS_LIST rule 1 selector SELECTOR set traffic policy ACCESS_LIST rule 2 action drop set traffic selector SELECTOR rule 1 not tcp-flags rst set traffic selector SELECTOR rule 1 protocol tcp
Step 2: Initiate a tcp connection from DUT1 to DUT0 and try to send some messages between both endpoints
admin@DUT0$ monitor test connection server 8080 tcp admin@DUT1$ monitor test connection client 100.0.0.1 8080 tcp
Step 3: Run command traffic selector show at DUT0 and check if output matches the following regular expressions:
Total\s+(?!0)\d+\s+(?!0)\d+Show output
Selector SELECTOR (Policy ACCESS_LIST -- ifc eth0 -- hook in prio very-high -- rule 1) ----------------------------------------------------- rule pkts match pkts eval bytes match bytes eval ----------------------------------------------------- 1 14 14 836 836 ----------------------------------------------------- Total 14 14 836 836
Example 23
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 100.0.0.1/24 set interfaces ethernet eth0 address '2001:d00::1/24' set interfaces ethernet eth0 traffic policy in ACCESS_LIST set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set traffic policy ACCESS_LIST rule 1 action accept set traffic policy ACCESS_LIST rule 1 selector SELECTOR set traffic policy ACCESS_LIST rule 2 action drop set traffic selector SELECTOR rule 1 not tcp-option sack set traffic selector SELECTOR rule 1 protocol tcp set traffic selector SELECTOR rule 1 tcp-flags syn set traffic selector SELECTOR rule 2 not tcp-flags syn set traffic selector SELECTOR rule 2 protocol tcp
Step 2: Initiate a tcp connection from DUT1 to DUT0 and try to send some messages between both endpoints
admin@DUT0$ monitor test connection server 8080 tcp admin@DUT1$ monitor test connection client 100.0.0.1 8080 tcp
Step 3: Run command traffic selector show at DUT0 and check if output matches the following regular expressions:
Total\s+(?!0)\d+\s+(?!0)\d+Show output
Selector SELECTOR (Policy ACCESS_LIST -- ifc eth0 -- hook in prio very-high -- rule 1) ----------------------------------------------------- rule pkts match pkts eval bytes match bytes eval ----------------------------------------------------- 1 1 14 60 836 2 13 13 776 776 ----------------------------------------------------- Total 14 14 836 836
Example 24
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 100.0.0.1/24 set interfaces ethernet eth0 address '2001:d00::1/24' set interfaces ethernet eth0 traffic policy in ACCESS_LIST set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set traffic policy ACCESS_LIST rule 1 action accept set traffic policy ACCESS_LIST rule 1 selector SELECTOR set traffic policy ACCESS_LIST rule 2 action drop set traffic selector SELECTOR rule 1 protocol tcp set traffic selector SELECTOR rule 1 tcp-flags syn set traffic selector SELECTOR rule 1 tcp-mss greater-than 1300 set traffic selector SELECTOR rule 2 not tcp-flags syn set traffic selector SELECTOR rule 2 protocol tcp
Step 2: Initiate a tcp connection from DUT1 to DUT0 and try to send some messages between both endpoints
admin@DUT0$ monitor test connection server 8080 tcp admin@DUT1$ monitor test connection client 100.0.0.1 8080 tcp
Step 3: Run command traffic selector show at DUT0 and check if output matches the following regular expressions:
Total\s+(?!0)\d+\s+(?!0)\d+Show output
Selector SELECTOR (Policy ACCESS_LIST -- ifc eth0 -- hook in prio very-high -- rule 1) ----------------------------------------------------- rule pkts match pkts eval bytes match bytes eval ----------------------------------------------------- 1 1 14 60 836 2 13 13 776 776 ----------------------------------------------------- Total 14 14 836 836
Example 25
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 100.0.0.1/24 set interfaces ethernet eth0 address '2001:d00::1/24' set interfaces ethernet eth0 traffic policy in ACCESS_LIST set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set traffic policy ACCESS_LIST rule 1 action accept set traffic policy ACCESS_LIST rule 1 selector SELECTOR set traffic policy ACCESS_LIST rule 2 action drop set traffic selector SELECTOR rule 1 protocol tcp set traffic selector SELECTOR rule 1 tcp-flags syn set traffic selector SELECTOR rule 1 tcp-window greater-than 5 set traffic selector SELECTOR rule 2 not tcp-flags syn set traffic selector SELECTOR rule 2 protocol tcp
Step 2: Initiate a tcp connection from DUT1 to DUT0 and try to send some messages between both endpoints
admin@DUT0$ monitor test connection server 8080 tcp admin@DUT1$ monitor test connection client 100.0.0.1 8080 tcp
Step 3: Run command traffic selector show at DUT0 and check if output matches the following regular expressions:
Total\s+(?!0)\d+\s+(?!0)\d+Show output
Selector SELECTOR (Policy ACCESS_LIST -- ifc eth0 -- hook in prio very-high -- rule 1) ----------------------------------------------------- rule pkts match pkts eval bytes match bytes eval ----------------------------------------------------- 1 1 14 60 836 2 13 13 776 776 ----------------------------------------------------- Total 14 14 836 836
Example 26
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 100.0.0.1/24 set interfaces ethernet eth0 address '2001:d00::1/24' set interfaces ethernet eth0 traffic policy in ACCESS_LIST set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set traffic policy ACCESS_LIST rule 1 action accept set traffic policy ACCESS_LIST rule 1 selector SELECTOR set traffic policy ACCESS_LIST rule 2 action drop set traffic selector SELECTOR rule 1 destination ipv6-address '2001:d00::/24' set traffic selector SELECTOR rule 2 ipv6-icmp-type nd-neighbor-solicit
Step 2: Ping IP address 2001:d00::1 from DUT1:
admin@DUT1$ ping 2001:d00::1 tos 32 ttl 32 count 1 size 56 timeout 1Show output
PING 2001:d00::1(2001:d00::1) 56 data bytes 64 bytes from 2001:d00::1: icmp_seq=1 ttl=64 time=0.302 ms --- 2001:d00::1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.302/0.302/0.302/0.000 ms
Step 3: Run command traffic selector show at DUT0 and check if output matches the following regular expressions:
Total\s+(?!0)\d+\s+(?!0)\d+Show output
Selector SELECTOR (Policy ACCESS_LIST -- ifc eth0 -- hook in prio very-high -- rule 1) ----------------------------------------------------- rule pkts match pkts eval bytes match bytes eval ----------------------------------------------------- 1 2 2 176 176 2 0 0 0 0 ----------------------------------------------------- Total 2 2 176 176
Example 27
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 100.0.0.1/24 set interfaces ethernet eth0 address '2001:d00::1/24' set interfaces ethernet eth0 traffic policy in ACCESS_LIST set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set traffic policy ACCESS_LIST rule 1 action accept set traffic policy ACCESS_LIST rule 1 selector SELECTOR set traffic policy ACCESS_LIST rule 2 action drop set traffic selector SELECTOR rule 1 hoplimit greater-than 16 set traffic selector SELECTOR rule 2 ipv6-icmp-type nd-neighbor-solicit
Step 2: Ping IP address 2001:d00::1 from DUT1:
admin@DUT1$ ping 2001:d00::1 tos 32 ttl 32 count 1 size 56 timeout 1Show output
PING 2001:d00::1(2001:d00::1) 56 data bytes 64 bytes from 2001:d00::1: icmp_seq=1 ttl=64 time=0.548 ms --- 2001:d00::1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.548/0.548/0.548/0.000 ms
Step 3: Run command traffic selector show at DUT0 and check if output matches the following regular expressions:
Total\s+(?!0)\d+\s+(?!0)\d+Show output
Selector SELECTOR (Policy ACCESS_LIST -- ifc eth0 -- hook in prio very-high -- rule 1) ----------------------------------------------------- rule pkts match pkts eval bytes match bytes eval ----------------------------------------------------- 1 1 1 104 104 2 0 0 0 0 ----------------------------------------------------- Total 1 1 104 104
Example 28
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 100.0.0.1/24 set interfaces ethernet eth0 address '2001:d00::1/24' set interfaces ethernet eth0 traffic policy in ACCESS_LIST set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set traffic policy ACCESS_LIST rule 1 action accept set traffic policy ACCESS_LIST rule 1 selector SELECTOR set traffic policy ACCESS_LIST rule 2 action drop set traffic selector SELECTOR rule 1 hoplimit less-than 64 set traffic selector SELECTOR rule 2 ipv6-icmp-type nd-neighbor-solicit
Step 2: Ping IP address 2001:d00::1 from DUT1:
admin@DUT1$ ping 2001:d00::1 tos 32 ttl 32 count 1 size 56 timeout 1Show output
PING 2001:d00::1(2001:d00::1) 56 data bytes 64 bytes from 2001:d00::1: icmp_seq=1 ttl=64 time=0.232 ms --- 2001:d00::1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.232/0.232/0.232/0.000 ms
Step 3: Run command traffic selector show at DUT0 and check if output matches the following regular expressions:
Total\s+(?!0)\d+\s+(?!0)\d+Show output
Selector SELECTOR (Policy ACCESS_LIST -- ifc eth0 -- hook in prio very-high -- rule 1) ----------------------------------------------------- rule pkts match pkts eval bytes match bytes eval ----------------------------------------------------- 1 1 1 104 104 2 0 0 0 0 ----------------------------------------------------- Total 1 1 104 104
Example 29
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 100.0.0.1/24 set interfaces ethernet eth0 address '2001:d00::1/24' set interfaces ethernet eth0 traffic policy in ACCESS_LIST set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set traffic policy ACCESS_LIST rule 1 action accept set traffic policy ACCESS_LIST rule 1 selector SELECTOR set traffic policy ACCESS_LIST rule 2 action drop set traffic selector SELECTOR rule 1 ipv6-dscp 8 set traffic selector SELECTOR rule 2 ipv6-icmp-type nd-neighbor-solicit
Step 2: Ping IP address 2001:d00::1 from DUT1:
admin@DUT1$ ping 2001:d00::1 tos 32 ttl 32 count 1 size 56 timeout 1Show output
PING 2001:d00::1(2001:d00::1) 56 data bytes 64 bytes from 2001:d00::1: icmp_seq=1 ttl=64 time=0.252 ms --- 2001:d00::1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.252/0.252/0.252/0.000 ms
Step 3: Run command traffic selector show at DUT0 and check if output matches the following regular expressions:
Total\s+(?!0)\d+\s+(?!0)\d+Show output
Selector SELECTOR (Policy ACCESS_LIST -- ifc eth0 -- hook in prio very-high -- rule 1) ----------------------------------------------------- rule pkts match pkts eval bytes match bytes eval ----------------------------------------------------- 1 1 1 104 104 2 0 0 0 0 ----------------------------------------------------- Total 1 1 104 104
Example 30
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 100.0.0.1/24 set interfaces ethernet eth0 address '2001:d00::1/24' set interfaces ethernet eth0 traffic policy in ACCESS_LIST set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set traffic policy ACCESS_LIST rule 1 action accept set traffic policy ACCESS_LIST rule 1 selector SELECTOR set traffic policy ACCESS_LIST rule 2 action drop set traffic selector SELECTOR rule 1 ipv6-icmp-type echo-reply,echo-request set traffic selector SELECTOR rule 2 ipv6-icmp-type nd-neighbor-solicit
Step 2: Ping IP address 2001:d00::1 from DUT1:
admin@DUT1$ ping 2001:d00::1 tos 32 ttl 32 count 1 size 56 timeout 1Show output
PING 2001:d00::1(2001:d00::1) 56 data bytes 64 bytes from 2001:d00::1: icmp_seq=1 ttl=64 time=0.313 ms --- 2001:d00::1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.313/0.313/0.313/0.000 ms
Step 3: Run command traffic selector show at DUT0 and check if output matches the following regular expressions:
Total\s+(?!0)\d+\s+(?!0)\d+Show output
Selector SELECTOR (Policy ACCESS_LIST -- ifc eth0 -- hook in prio very-high -- rule 1) ----------------------------------------------------- rule pkts match pkts eval bytes match bytes eval ----------------------------------------------------- 1 1 1 104 104 2 0 0 0 0 ----------------------------------------------------- Total 1 1 104 104
Example 31
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 100.0.0.1/24 set interfaces ethernet eth0 address '2001:d00::1/24' set interfaces ethernet eth0 traffic policy in ACCESS_LIST set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set traffic policy ACCESS_LIST rule 1 action accept set traffic policy ACCESS_LIST rule 1 selector SELECTOR set traffic policy ACCESS_LIST rule 2 action drop set traffic selector SELECTOR rule 1 protocol ipv6-icmp set traffic selector SELECTOR rule 2 ipv6-icmp-type nd-neighbor-solicit
Step 2: Ping IP address 2001:d00::1 from DUT1:
admin@DUT1$ ping 2001:d00::1 tos 32 ttl 32 count 1 size 56 timeout 1Show output
PING 2001:d00::1(2001:d00::1) 56 data bytes 64 bytes from 2001:d00::1: icmp_seq=1 ttl=64 time=0.231 ms --- 2001:d00::1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.231/0.231/0.231/0.000 ms
Step 3: Run command traffic selector show at DUT0 and check if output matches the following regular expressions:
Total\s+(?!0)\d+\s+(?!0)\d+Show output
Selector SELECTOR (Policy ACCESS_LIST -- ifc eth0 -- hook in prio very-high -- rule 1) ----------------------------------------------------- rule pkts match pkts eval bytes match bytes eval ----------------------------------------------------- 1 2 2 176 176 2 0 0 0 0 ----------------------------------------------------- Total 2 2 176 176
Example 32
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 100.0.0.1/24 set interfaces ethernet eth0 address '2001:d00::1/24' set interfaces ethernet eth0 traffic policy in ACCESS_LIST set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set traffic policy ACCESS_LIST rule 1 action accept set traffic policy ACCESS_LIST rule 1 selector SELECTOR set traffic policy ACCESS_LIST rule 2 action drop set traffic selector SELECTOR rule 1 source ipv6-address '2001:d00::2' set traffic selector SELECTOR rule 2 ipv6-icmp-type nd-neighbor-solicit
Step 2: Ping IP address 2001:d00::1 from DUT1:
admin@DUT1$ ping 2001:d00::1 tos 32 ttl 32 count 1 size 56 timeout 1Show output
PING 2001:d00::1(2001:d00::1) 56 data bytes 64 bytes from 2001:d00::1: icmp_seq=1 ttl=64 time=0.385 ms --- 2001:d00::1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.385/0.385/0.385/0.000 ms
Step 3: Run command traffic selector show at DUT0 and check if output matches the following regular expressions:
Total\s+(?!0)\d+\s+(?!0)\d+Show output
Selector SELECTOR (Policy ACCESS_LIST -- ifc eth0 -- hook in prio very-high -- rule 1) ----------------------------------------------------- rule pkts match pkts eval bytes match bytes eval ----------------------------------------------------- 1 1 1 104 104 2 0 0 0 0 ----------------------------------------------------- Total 1 1 104 104