portfact.blogg.se

Firewall builder classify example

The following example requires that you navigate various levels in the configuration hierarchy.


To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, copy and paste the commands into the CLI at the hierarchy level, and then enter commit from the configuration mode.

Device R1

    set interfaces ge-1/0/1 description to-host
    set interfaces ge-1/0/1 unit 0 family inet filter input mf-classifier
    set interfaces ge-1/0/1 unit 0 family inet address 172.16.50.2/30
    set interfaces ge-1/0/9 description to-R2
    set interfaces ge-1/0/9 unit 0 family inet address 10.30.0.1/30
    set class-of-service forwarding-classes class BE-data queue-num 0
    set class-of-service forwarding-classes class Premium-data queue-num 1
    set class-of-service forwarding-classes class Voice queue-num 2
    set class-of-service forwarding-classes class NC queue-num 3
    set firewall family inet filter mf-classifier term BE-data from protocol tcp
    set firewall family inet filter mf-classifier term BE-data from port 80
    set firewall family inet filter mf-classifier term BE-data then forwarding-class BE-data
    set firewall family inet filter mf-classifier term Premium-data from protocol tcp
    set firewall family inet filter mf-classifier term Premium-data from port 12345
    set firewall family inet filter mf-classifier term Premium-data then forwarding-class Premium-data
    set firewall family inet filter mf-classifier term accept-all-else then accept

Device R2

    set interfaces ge-1/0/9 description to-R1
    set interfaces ge-1/0/9 unit 0 family inet address 10.30.0.2/30

A classifier is a software operation that inspects a packet as it enters the router or switch. The packet header contents are examined, and this examination determines how the packet is treated when the network becomes too busy to handle all of the packets and you want your devices to drop packets intelligently, instead of dropping packets indiscriminately.

One common way to detect packets of interest is by source port number. The TCP port numbers 80 and 12345 are used in this example, but many other matching criteria for packet detection are available to multifield classifiers, using firewall filter match conditions. The configuration in this example specifies that TCP packets with source port 80 are classified into the BE-data forwarding class and queue number 0. TCP packets with source port 12345 are classified into the Premium-data forwarding class and queue number 1.

Multifield classifiers are typically used at the network edge as packets enter an autonomous system (AS). In this example, you configure the firewall filter mf-classifier and specify some custom forwarding classes on Device R1. In specifying the custom forwarding classes, you also associate each class with a queue. The classifier operation is shown in Figure 1.
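As an added example (not from the original page and not Juniper code), this Python sketch models how the mf-classifier terms above are evaluated: terms are checked in order and the first match wins. It assumes Junos semantics in which `port` matches either the source or the destination port, so a TCP packet with destination port 80 is also placed in BE-data; the `source-port` match condition would restrict the term to the source port only.

```python
# Added example: simplified model of the page's filter, not Juniper code.
# Assumption: "port" matches the source OR destination port, as in Junos.
CONFIG = """\
set class-of-service forwarding-classes class BE-data queue-num 0
set class-of-service forwarding-classes class Premium-data queue-num 1
set firewall family inet filter mf-classifier term BE-data from protocol tcp
set firewall family inet filter mf-classifier term BE-data from port 80
set firewall family inet filter mf-classifier term BE-data then forwarding-class BE-data
set firewall family inet filter mf-classifier term Premium-data from protocol tcp
set firewall family inet filter mf-classifier term Premium-data from port 12345
set firewall family inet filter mf-classifier term Premium-data then forwarding-class Premium-data
set firewall family inet filter mf-classifier term accept-all-else then accept
"""

def parse(config):
    queues, terms = {}, {}  # dicts preserve the configured term order
    for line in config.splitlines():
        w = line.split()
        if w[1] == "class-of-service":
            queues[w[4]] = int(w[6])
        elif w[1] == "firewall":
            term = terms.setdefault(w[7], {"from": {}, "then": []})
            if w[8] == "from":
                term["from"][w[9]] = w[10]
            else:
                term["then"].append(w[9:])
    return queues, terms

def matches(cond, pkt):
    """All conditions in a term must hold; a term with no conditions matches all."""
    if "protocol" in cond and pkt["protocol"] != cond["protocol"]:
        return False
    if "port" in cond and int(cond["port"]) not in (pkt["sport"], pkt["dport"]):
        return False
    return True

def classify(pkt, config=CONFIG):
    """First matching term wins; returns (term, forwarding class, queue)."""
    queues, terms = parse(config)
    for name, term in terms.items():
        if matches(term["from"], pkt):
            fc = next((a[1] for a in term["then"] if a[0] == "forwarding-class"), None)
            return name, fc, queues.get(fc)
    return None, None, None  # no term matched: implicit discard

if __name__ == "__main__":  # constructed sample packets
    for sport, dport in ((80, 51000), (51000, 80), (12345, 51000)):
        print(sport, dport, classify({"protocol": "tcp", "sport": sport, "dport": dport}))
```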