ON THIS PAGE
Example: Classifying Packets Based on Their Destination Address
This example shows how to classify packets based on their destination address by using a multifield classifier.
Requirements
No special configuration beyond device initialization is required before configuring this example.
Overview
In this example you configure a multifield classifier (firewall
filter) that ensures that all IPv4 packets destined for the 10.10.10.0/24 network are placed into the platinum forwarding class.
This assignment occurs regardless of the received CoS bit values in
the packet.
You then apply this filter to the inbound interface so-1/2/2.0 and verify your configuration is attached to the correct interface,
issue the show interfaces filters command..
Configuration
CLI Quick Configuration
To quickly configure the multifield classifer (firewall filter), copy the following commands to a text file, remove any line breaks, and then paste the commands into the CLI.
set firewall family inet filter set-FC-to-platinum term match-a-single-route from destination-address 10.10.10.0/24 set firewall family inet filter set-FC-to-platinum term match-a-single-route then forwarding-class platinum set firewall family inet filter set-FC-to-platinum term match-a-single-route then accept set firewall family inet filter set-FC-to-platinum term accept-all then accept set interfaces so-1/2/2 unit 0 family inet filter input set-FC-to-platinum
Configuring Firewall Filter
Step-by-Step Procedure
The following example requires you to navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Using the CLI Editor in Configuration Mode. To configure the multifield classifier (firewall filter):
Create and configure the multifield classifier (firewall filter).
[edit firewall family inet filter set-FC-to-platinum] set term match-a-single-route from destination-address 10.10.10.0/24 set term match-a-single-route then forwarding-class platinum set term match-a-single-route then accept set term accept-all then accept
Apply the classifier to the interface.
[edit interfaces] set interfaces so-1/2/2 unit 0 family inet filter input set-FC-to-platinum
Results
Confirm your configuration by entering the show
firewall and show interfaces commands from configuration
mode. If the output does not display the intended configuration, repeat
the instructions in this example to correct the configuration.
user@host# show firewall
filter set-FC-to-platinum {
term match-a-single-route {
from {
destination-address {
10.10.10.0/24;
}
}
then {
forwarding-class platinum;
accept;
}
}
user@host# show interfaces
so-1/2/2 {
unit 0 {
family inet {
filter {
input set-FC-to-platinum;
}
}
}
}
If you are done configuring the device, enter commit from configuration mode.