policy
- traffic policy <txt>
- Devices
Traffic policy rule set
- Values:
txt – Traffic policy rule set name
- Instances:
Multiple
- traffic policy <txt> description <txt>
- Devices
- Values:
txt – Traffic policy rule set description
- traffic policy <txt> rule <u32>
- Devices
Rule number (1-9999)
- Values:
u32 – Rule number (1-9999)
- Instances:
Multiple
- traffic policy <txt> rule <u32> action
- Devices
Action to perform on a packet on rule match (‘accept’ by default)
- Instances:
Unique
- traffic policy <txt> rule <u32> action accept
- Devices
Accept packet
- traffic policy <txt> rule <u32> action continue
- Devices
Continue rules processing
- traffic policy <txt> rule <u32> action drop
- Devices
Drop packet
- traffic policy <txt> rule <u32> action enqueue <txt>
- Devices
Enqueue packet
- Reference:
- traffic policy <txt> rule <u32> action proxy
- Devices
Intercept incoming packet in a local socket
- Instances:
Unique
- traffic policy <txt> rule <u32> action proxy tcp <u32>
- Devices
Intercept packet in a TCP socket
- Values:
u32 – Local port on which local socket is bound to (1-65535)
- traffic policy <txt> rule <u32> action proxy udp <u32>
- Devices
Intercept packet in a UDP socket
- Values:
u32 – Local port on which local socket is bound to (1-65535)
- traffic policy <txt> rule <u32> action rate-limit <float>
- Devices
Drop packet if bandwidth exceeds a limit
- Values:
float – Rate in mbit per second (0.000001-30000)
- Instances:
Multiple
- traffic policy <txt> rule <u32> action rate-limit <float> burst <id>
- Devices
Burst size
- Values:
N[ms/mbit] – Burst in time (ms) or length (mbit)
- traffic policy <txt> rule <u32> advisor <txt>
- Devices
Advisor to enable or disable the policy rule
- Reference:
- traffic policy <txt> rule <u32> copy
- Devices
Copy packet metadata
- Instances:
Unique
- traffic policy <txt> rule <u32> copy connmark
- Devices
Copy connection tracking mark
- Instances:
Unique
- traffic policy <txt> rule <u32> copy connmark extra-mark <int>
- Devices
To packet extra mark
- Values:
int – Extra mark index (1-2)
- traffic policy <txt> rule <u32> copy connmark mark
- Devices
To packet mark
- traffic policy <txt> rule <u32> copy connmark tos
- Devices
Licenses
To IPv4 TOS byte
- traffic policy <txt> rule <u32> copy extra-connmark <int>
- Devices
Copy connection tracking extra mark
- Values:
int – Extra mark index (1-2)
- Instances:
Unique
- traffic policy <txt> rule <u32> copy extra-connmark <int> extra-mark <int>
- Devices
To packet extra mark
- Values:
int – Extra mark index (1-2)
- traffic policy <txt> rule <u32> copy extra-connmark <int> mark
- Devices
To packet mark
- traffic policy <txt> rule <u32> copy extra-connmark <int> tos
- Devices
Licenses
To IPv4 TOS byte
- traffic policy <txt> rule <u32> copy extra-mark <int>
- Devices
Copy packet extra mark
- Values:
int – Extra mark index (1-2)
- Instances:
Unique
- traffic policy <txt> rule <u32> copy extra-mark <int> connmark
- Devices
To connection tracking mark
- traffic policy <txt> rule <u32> copy extra-mark <int> extra-connmark <int>
- Devices
To connection tracking extra mark
- Values:
int – Extra mark index (1-2)
- traffic policy <txt> rule <u32> copy extra-mark <int> tos
- Devices
Licenses
To IPv4 TOS byte
- traffic policy <txt> rule <u32> copy mark
- Devices
Copy packet mark
- traffic policy <txt> rule <u32> copy mark connmark
- Devices
To connection tracking mark
- traffic policy <txt> rule <u32> copy mark extra-connmark <int>
- Devices
To connection tracking extra mark
- Values:
int – Extra mark index (1-2)
- traffic policy <txt> rule <u32> copy mark tos
- Devices
Licenses
To IPv4 TOS byte
- traffic policy <txt> rule <u32> copy tos
- Devices
Licenses
Copy IPv4 TOS byte
- Instances:
Unique
- traffic policy <txt> rule <u32> copy tos connmark
- Devices
Licenses
To connection tracking mark
- traffic policy <txt> rule <u32> copy tos extra-connmark <int>
- Devices
Licenses
To connection tracking extra mark
- Values:
int – Extra mark index (1-2)
- traffic policy <txt> rule <u32> copy tos extra-mark <int>
- Devices
Licenses
To packet extra mark
- Values:
int – Extra mark index (1-2)
- traffic policy <txt> rule <u32> copy tos mark
- Devices
Licenses
To packet mark
- traffic policy <txt> rule <u32> description <txt>
- Devices
- Values:
txt – Rule description
- traffic policy <txt> rule <u32> duplicate
- Devices
Duplicate (mirror) packet to another destination
- traffic policy <txt> rule <u32> duplicate device <ifc>
- Devices
Mirror packet to local device
- Values:
interface – Interface name to duplicate packets to (only for link-in link-out hooks)
- traffic policy <txt> rule <u32> duplicate remote <ipv4|ipv6>
- Devices
Mirror packet to remote IP address (supports IPv4 and IPv6)
- Values:
ipv4 – Destination IPv4 for duplicated packets (only for not link hooks)
ipv6 – Destination IPv6 for duplicated packets (only for not link hooks)
- Instances:
Multiple
- traffic policy <txt> rule <u32> duplicate remote <ipv4|ipv6> local-interface <ifc>
- Devices
Optional output interface for remote mirroring
- Values:
interface – Interface name for duplicated packets
- traffic policy <txt> rule <u32> duplicate remote <ipv4|ipv6> local-vrf <id>
- Devices
Optional output VRF for remote mirroring
- Values:
vrf – VRF name for duplicated packets
- Reference:
- traffic policy <txt> rule <u32> log
- Devices
Log packets matching rule
- traffic policy <txt> rule <u32> log app-id
- Devices
Log packet app-id if any
- traffic policy <txt> rule <u32> log level <txt>
- Devices
Specific log-level to use
- Values:
emerg – Emergency messages
alert – Urgent messages
crit – Critical messages
err – Error messages
warn – Warning messages
notice – Messages for further investigation
info – Informational messages
debug – Debug messages
- traffic policy <txt> rule <u32> log prefix <txt>
- Devices
- Values:
txt – Log message prefix text, up to 92 characters
- traffic policy <txt> rule <u32> selector <txt>
- Devices
IP traffic selector
- Reference:
- traffic policy <txt> rule <u32> set
- Devices
Packet modifications
- traffic policy <txt> rule <u32> set app-id
- Devices
Connection tracking app-id
- Instances:
Unique
- traffic policy <txt> rule <u32> set app-id custom <int>
- Devices
Selector ID for Classification Engine ID 6 (custom)
- Values:
int – Selector ID to set (0-16777215)
- traffic policy <txt> rule <u32> set app-id engine <int>
- Devices
Classification Engine ID
- Values:
int – Engine ID to set (1-255)
- Instances:
Multiple
- Required:
traffic policy <txt> rule <u32> set app-id engine <int> selector <int>
- traffic policy <txt> rule <u32> set app-id engine <int> selector <int>
- Devices
Selector ID for Classification Engine ID
- Values:
int – Selector ID to set (0-16777215)
- traffic policy <txt> rule <u32> set app-id l3 <int>
- Devices
Selector ID for Classification Engine ID L3
- Values:
int – Selector ID to set (1-16777215)
- traffic policy <txt> rule <u32> set app-id l4 <int>
- Devices
Selector ID for Classification Engine ID L4
- Values:
int – Selector ID to set (1-16777215)
- traffic policy <txt> rule <u32> set class <u32>
- Devices
Set traffic control class value (pre-classification)
- Values:
u32 – Disable pre-classification (0)
u32 – Class identifier (1-4095)
- traffic policy <txt> rule <u32> set connmark <int>
- Devices
Set connmark using a specific value
- Values:
int – Packet marking (0-2147483647)
- traffic policy <txt> rule <u32> set conntag <txt>
- Devices
Set a string tag
- Values:
txt – Tag string (up to 255 characters)
- traffic policy <txt> rule <u32> set cos-mark <u32>
- Devices
Set the Class of Service (COS) to use for the VLAN tag
This field must be set before inserting the VLAN tag (e.g., in a VIF interface)
- Values:
u32 – COS number (0-7)
- traffic policy <txt> rule <u32> set dscp <int>
- Devices
Licenses
Differentiated Services Code Point
- Values:
int – DSCP (0-63)
- traffic policy <txt> rule <u32> set ecn <int>
- Devices
Licenses
Explicit Congestion Notification
- Values:
int – ECN (0-3)
- traffic policy <txt> rule <u32> set extra-connmark <int>
- Devices
Connmark extra marking
- Values:
int – Extra connmark index (1-2)
- Instances:
Multiple
- Required:
traffic policy <txt> rule <u32> set extra-connmark <int> value <int>
- traffic policy <txt> rule <u32> set extra-connmark <int> value <int>
- Devices
Connmark extra marking
- Values:
int – Packet extra marking (0-2147483647)
- traffic policy <txt> rule <u32> set extra-mark <int>
- Devices
Packet extra marking
- Values:
int – Extra mark index (1-2)
- Instances:
Multiple
- Required:
traffic policy <txt> rule <u32> set extra-mark <int> value <int>
- traffic policy <txt> rule <u32> set extra-mark <int> value <int>
- Devices
Packet extra marking
- Values:
int – Packet extra marking (0-2147483647)
- Instances:
Multiple
- traffic policy <txt> rule <u32> set extra-mark <int> value <int> connmark-cache
- Devices
Enable connmark cache
- traffic policy <txt> rule <u32> set hoplimit <int>
- Devices
Hoplimit for IPv6 packets
- Values:
int – Hoplimit (0-255)
- traffic policy <txt> rule <u32> set ipv6-dscp <int>
- Devices
Differentiated Services Code Point for IPv6 packets
- Values:
int – DSCP (0-63)
- traffic policy <txt> rule <u32> set ipv6-ecn <int>
- Devices
Explicit Congestion Notification
- Values:
int – ECN (0-3)
- traffic policy <txt> rule <u32> set label <id>
- Devices
Set a label into the packet
- Reference:
- Instances:
List of values
- traffic policy <txt> rule <u32> set mark <int>
- Devices
Packet marking
- Values:
int – Packet marking (0-2147483647)
- Instances:
Multiple
- traffic policy <txt> rule <u32> set mark <int> connmark-cache
- Devices
Enable connmark cache
- traffic policy <txt> rule <u32> set tcp-mss <int>
- Devices
Maximum segment size
- Values:
int – “Segment size” (0-65535)
- traffic policy <txt> rule <u32> set tos <int>
- Devices
Licenses
Type Of Service
- Values:
int – TOS (0-255)
- traffic policy <txt> rule <u32> set ttl <int>
- Devices
Time to Live
- Values:
int – TTL (0-255)
- traffic policy <txt> rule <u32> set vrf <id>
- Devices
Set mark using a VRF identifier
- Reference:
- Instances:
Multiple
- traffic policy <txt> rule <u32> set vrf <id> connmark-cache
- Devices
Enable connmark cache
- traffic policy <txt> rule <u32> set vrf-connmark <id>
- Devices
Set connmark using a VRF identifier
- Reference: