class ip
Syntax
Syntax to create an IPv4 class and enter its context. Plus syntax to remove a class:
class ip <CLASS-NAME>
no class ip <CLASS-NAME>
Syntax (within the class context) for creating or removing class entries for protocols
ah
,
gre
,
esp
,
igmp
,
ospf
,
pim
(
is available as an alias for
ip
any
):
[<SEQUENCE-NUMBER>]
{match|ignore}
{any|ip|ah|gre|esp|igmp|ospf|pim|<IP-PROTOCOL-NUM>}
{any|<SRC-IP-ADDRESS>[/{<PREFIX-LENGTH>|<SUBNET-MASK>}]}
{any|<DST-IP-ADDRESS>[/{<PREFIX-LENGTH>|<SUBNET-MASK>}]}
[dscp <DSCP-SPECIFIER>] [ecn <ECN-VALUE>] [ip-precedence <IP-PRECEDENCE-VALUE>]
[tos <TOS-VALUE>] [fragment] [vlan <VLAN-ID>] [ttl <TTL-VALUE>] [count]
no <SEQUENCE-NUMBER>
Syntax (within the class context) for creating or removing class entries for protocols
sctp
,
tcp
,
udp
:
[<SEQUENCE-NUMBER>]
{match|ignore}
{sctp|tcp|udp}
{any|<SRC-IP-ADDRESS>[/{<PREFIX-LENGTH>|<SUBNET-MASK>}]}
[{eq|gt|lt} <PORT>|range <MIN-PORT> <MAX-PORT>]
{any|<DST-IP-ADDRESS>[/{<PREFIX-LENGTH>|<SUBNET-MASK>}]}
[{eq|gt|lt} <PORT>|range <MIN-PORT> <MAX-PORT>]
[urg] [ack] [psh] [rst] [syn] [fin] [established]
[dscp <DSCP-SPECIFIER>] [ecn <ECN-VALUE>] [ip-precedence <IP-PRECEDENCE-VALUE>]
[tos <TOS-VALUE>] [fragment] [vlan <VLAN-ID>] [ttl <TTL-VALUE>] [count]
no <SEQUENCE-NUMBER>
Syntax (within the class context) for creating or removing class entries for protocol
icmp
:
[<SEQUENCE-NUMBER>]
{match|ignore}
{icmp}
{any|<SRC-IP-ADDRESS>[/{<PREFIX-LENGTH>|<SUBNET-MASK>}]}
{any|<DST-IP-ADDRESS>[/{<PREFIX-LENGTH>|<SUBNET-MASK>}]}
[icmp-type {echo|echo-reply|<ICMP-TYPE-VALUE>}] [icmp-code <ICMP-CODE-VALUE>]
[dscp <DSCP-SPECIFIER>] [ecn <ECN-VALUE>] [ip-precedence <IP-PRECEDENCE-VALUE>]
[tos <TOS-VALUE>] [fragment] [vlan <VLAN-ID>] [ttl <TTL-VALUE>] [count]
no <SEQUENCE-NUMBER>
Syntax (within the class context) for class entry comments:
[<SEQUENCE-NUMBER>] comment <TEXT-STRING>
no <SEQUENCE-NUMBER> comment
Description
Creates or modifies an IPv4 traffic class to match specified packets. Class is composed of one or more class entries ordered and prioritized by sequence numbers. With this command, the class can classify traffic based on IPv4 header information.
The
no
form of the command can be used to delete either an IPv4 traffic class (use
no
with the class command) or an individual IPv4 traffic class entry (use
no
with the sequence number).
Command context
config
The
class ip <CLASS-NAME>
command takes you into the
config-class-ip
context where you enter the class entries.
Parameters
ip
Specifies create or modify an IPv4 class.
<CLASS-NAME>
Specifies the name of this class.
<SEQUENCE-NUMBER>
Specifies a sequence number for the class entry. Optional. Range: 1-4294967295.
{match|ignore}
Creates a rule to match or ignore specified packets.
<IP-PROTOCOL-NUM>
Specifies the protocol as its Internet Protocol number. For example, 2 corresponds to the IGMP protocol. Range: 0 to 255.
{any|<SRC-IP-ADDRESS>[/{<PREFIX-LENGTH>|<SUBNET-MASK>}]}
- Specifies the source IPv4 address.
any
- specifies any source IPv4 address.<SRC-IP-ADDRESS>
- specifies the source IPv4 host address.<PREFIX-LENGTH>
- specifies the address bits to mask (CIDR subnet mask notation). Range: 1 to 32.<SUBNET-MASK>
- specifies the address bits to mask (dotted decimal notation).
{any|<DST-IP-ADDRESS>[/{<PREFIX-LENGTH>|<SUBNET-MASK>}]}
- Specifies the destination IPv4 address.
any
- specifies any destination IPv4 address.<DST-IP-ADDRESS>
- specifies the destination IPv4 host address.<PREFIX-LENGTH>
- specifies the address bits to mask (CIDR subnet mask notation). Range: 1 to 32.<SUBNET-MASK>
- specifies the address bits to mask (dotted decimal notation).
[{eq|gt|lt} <PORT>|range <MIN-PORT> <MAX-PORT>]
- Specifies the port or port range. Port numbers are in the range of 0 to 65535.
eq <PORT>
- specifies the Layer 4 port.gt <PORT>
- specifies any Layer 4 port greater than the indicated port.lt <PORT>
- specifies any Layer 4 port less than the indicated port.range <MIN-PORT> <MAX-PORT>
- specifies the Layer 4 port range.
urg
Specifies matching on the TCP Flag: Urgent.
ack
Specifies matching on the TCP Flag: Acknowledgment.
psh
Specifies matching on the TCP Flag: Push buffered data to receiving application.
rst
Specifies matching on the TCP Flag: Reset the connection.
syn
Specifies matching on the TCP Flag: Synchronize sequence numbers.
fin
Specifies matching on the TCP Flag: Finish connection.
established
Specifies matching on the TCP Flag: Established connection.
dscp <DSCP-SPECIFIER>
Specifies the Differentiated Services Code Point (DSCP), either a numeric
<DSCP-VALUE>
(0 to 63) or one of these keywords:AF11
- DSCP 10 (Assured Forwarding Class 1, low drop probability)AF12
- DSCP 12 (Assured Forwarding Class 1, medium drop probability)AF13
- DSCP 14 (Assured Forwarding Class 1, high drop probability)AF21
- DSCP 18 (Assured Forwarding Class 2, low drop probability)AF22
- DSCP 20 (Assured Forwarding Class 2, medium drop probability)AF23
- DSCP 22 (Assured Forwarding Class 2, high drop probability)AF31
- DSCP 26 (Assured Forwarding Class 3, low drop probability)AF32
- DSCP 28 (Assured Forwarding Class 3, medium drop probability)AF33
- DSCP 30 (Assured Forwarding Class 3, high drop probability)AF41
- DSCP 34 (Assured Forwarding Class 4, low drop probability)AF42
- DSCP 36 (Assured Forwarding Class 4, medium drop probability)AF43
- DSCP 38 (Assured Forwarding Class 4, high drop probability)CS0
- DSCP 0 (Class Selector 0: Default)CS1
- DSCP 8 (Class Selector 1: Scavenger)CS2
- DSCP 16 (Class Selector 2: OAM)CS3
- DSCP 24 (Class Selector 3: Signaling)CS4
- DSCP 32 (Class Selector 4: Realtime)CS5
- DSCP 40 (Class Selector 5: Broadcast video)CS6
- DSCP 48 (Class Selector 6: Network control)CS7
- DSCP 56 (Class Selector 7)EF
- DSCP 46 (Expedited Forwarding)
ecn <ECN-VALUE>
Specifies an Explicit Congestion Notification value. Range: 0 to 3.
ip-precedence <IP-PRECEDENCE-VALUE>
Specifies an IP precedence value. Range: 0 to 7.
tos <TOS-VALUE>
Specifies the Type of Service value. Range: 0 to 31.
fragment
Specifies a fragment packet.
vlan <VLAN-ID>
Specifies VLAN tag to match on. 802.1Q VLAN ID.
NOTE:This parameter cannot be used in any class that will be applied to a VLAN.
ttl <TTL-VALUE>
Specifies a time-to-live (hop limit) value. Range: 0 to 255.
count
Keeps the hit counts of the number of packets matching this class entry.
[<SEQUENCE-NUMBER>] comment <TEXT-STRING>
Adds a comment to a class entry. The
no
form removes only the comment from the class entry.
Authority
Administrators or local user group members with execution rights for this command.
Usage
Entering an existing
<CLASS-NAME>
value will cause the existing class to be modified, with any new<SEQUENCE-NUMBER>
value creating an additional class entry, and any existing<SEQUENCE-NUMBER>
value replacing the existing class entry with the same sequence number.If no sequence number is specified, a new class entry will be appended to the end of the class with a sequence number equal to the highest class entry currently in the list plus 10.
If the
<IP-PROTOCOL-NUM>
parameter is used instead of a protocol name, ensure that any needed class entry-definition parameters specific to the selected protocol are also provided.
Examples
Creating an IPv4 class with three entries:
switch(config)# class ip MY_IP_CLASS switch(config-class-ip)# 10 match icmp any any switch(config-class-ip)# 20 ignore udp any any switch(config-class-ip)# 30 match tcp 192.168.0.1 192.168.0.2 switch(config-class-ip)# exit switch(config)# do show class Type Name Sequence Comment Action L3 Protocol Source IP Address Source L4 Port(s) Destination IP Address Destination L4 Port(s) Additional Parameters ------------------------------------------------------------------------------- IPv4 MY_IP_CLASS 10 match icmp any any 20 ignore udp any any 30 match tcp 192.168.0.1 192.168.0.2
Adding a comment to an existing IPv4 class entry:
switch(config)# class ip MY_IP_CLASS switch(config-class-ip)# 30 comment myipClass switch(config-class-ip)# exit switch(config)# do show class Type Name Sequence Comment Action L3 Protocol Source IP Address Source L4 Port(s) Destination IP Address Destination L4 Port(s) Additional Parameters ------------------------------------------------------------------------------- IPv4 MY_IP_CLASS 10 match icmp any any 20 ignore udp any any 30 myipClass match tcp 192.168.0.1 192.168.0.2
Removing a comment from an existing IPv4 class entry:
switch(config)# class ip MY_IP_CLASS switch(config-class-ip)# no 30 comment switch(config-class-ip)# exit switch(config)# do show class Type Name Sequence Comment Action L3 Protocol Source IP Address Source L4 Port(s) Destination IP Address Destination L4 Port(s) Additional Parameters ------------------------------------------------------------------------------- IPv4 MY_IP_CLASS 10 match icmp any any 20 ignore udp any any 30 match tcp 192.168.0.1 192.168.0.2
Replacing an IPv4 class entry in an existing class:
switch(config)# class ip MY_IP_CLASS switch(config-class-ip)# 10 match igmp any any switch(config-class-ip)# exit switch(config)# do show class Type Name Sequence Comment Action L3 Protocol Source IP Address Source L4 Port(s) Destination IP Address Destination L4 Port(s) Additional Parameters ------------------------------------------------------------------------------- IPv4 MY_IP_CLASS 10 match igmp any any 20 ignore udp any any 30 match tcp 192.168.0.1 192.168.0.2
Removing an IPv4 class entry:
switch(config)# class ip MY_IP_CLASS switch(config-class-ip)# no 10 switch(config-class-ip)# exit switch(config)# do show class Type Name Sequence Comment Action L3 Protocol Source IP Address Source L4 Port(s) Destination IP Address Destination L4 Port(s) Additional Parameters ------------------------------------------------------------------------------- IPv4 MY_IP_CLASS 20 ignore udp any any 30 match tcp 192.168.0.1 192.168.0.2
The corresponding entries are only removed if the class is unused by all policy entries.
switch(config)# no class ip MY_IP_CLASS switch(config)# do show class No Class found.