Device Online Help # Go back one pageGo to the next page#Go to this book's Index

Configuring the template rule

To configure the template rule:

  1. From the Device Manager menu bar, choose IP Routing > Filter.
  2. The ACL dialog box opens with the Template Mode tab displayed.
  3. Click the Template Rule tab.
  4. The Template Rule tab opens.

The table that follows describes the Template Rule dialog box fields.


Field Description
TemplateID
Specifies the template ID index.
Index
Specifies the template rule index. It is automatically generated by the switch.
Mode
Specifies the rule type of the entry. Possible values here include:
  • security- when a template operates in security mode, it acts like a source IP filter. Packets that match a rule are considered dangerous to network security and are unconditionally dropped.
  • qos- when a template operates in qos mode, packets that match require some levels of bandwidth guarantee.
  • l4-switch- when a template operates in l2_switch mode, you must further define the combination fields of the packet header (IP and L4 header) to be examined.
SecuritySrclp
Indicates the source IP address of the flow template. If you do not define the Template Rule Mode as security, this object displays as 0.0.0.0.
QosFlavor
Indicates the rule type of the QoS mode. Possible flavors here include:
  • 8021p
  • dscp
  • ip
  • tcp
  • udp
If you do not define the Template Rule Mode as qos, you must define it as un-used.
QosValue
This parameter must match the Template Rule QosFlavor.
  • If the flavor is 8021p, the range is 0~7.
  • If the flavor is dscp, the range is 0~63.
  • If the flavor is tcp, or udp(5), the range is 1~65535.
  • If the flavor is ip, the QosValue must be an IP address.
If you do not define the Template Rule Mode as qos, this object must be 0.
QosPriority
Indicates the priority of ingress packets in QoS mode in the range of 0- 7. If you do not define the Template Rule Mode as qos, this object must be 0.
QosDscp
Indicates the DSCP of ingress packets in QoS mode in the range from 0- 63. If you do not define the Template Rule Mode as qos, this object must be 0.
L4SwitchSessionType
Indicates the rule type of the TCP-Session in L4-Switch mode. Possible values here include:
  • other
  • tcp
  • udp
If you do not define the Template Rule Mode l4-switch, you must define it as un-used.
L4SwitchSessionTCPDstlp
Indicates the destination IP address in the configured L4 TCP-session rule entries. If you do not define the Template Rule Mode as l4-switch, this object must be 0.0.0.0.
L4SwitchSessionTCPSrclp
Indicates the source IP address in the configured L4 TCP-session rule entries. If you do not define the Template Rule Mode as l4-switch, this object must be 0.0.0.0.
L4SwitchSessionTCPTos
Indicates the Type of Service (ToS) in the configured L4 TCP-session rule entries. If you do not define the Template Rule Mode as l4-switch, this object must be zero.
L4SwitchSessionTCPDstPort
Indicates the destination TCP port number in the configured L4 TCP-session rule entries. If you do not define the Template Rule Mode as l4-switch, this object must be zero.
L4SwitchSessionTCPSrcPort
Indicates the source TCP port number in the configured L4 TCP-session rule entries. If you do not define the Template Rule Mode as l4-switch, this object must be zero.
L4SwitchSessionTCPFlags
Indicates the TCP flags in the configured L4 TCP- session rule entries. Possible values here include:
  • fin
  • syn
  • rest
  • psh
  • ack
  • urg
If you do not define the Template Rule Mode as l4-switch, this object must be un-used.
L4SwitchSessionUDPDstlp
Indicates the destination IP address in the configured L4 UDP-session rule entries. If you do not define the Template Rule Mode as l4-switch, this object must be 0.0.0.0.
L4SwitchSessionUDPSrclp
Indicates the source IP address in the configured L4 UDP-session rule entries. If you do not define the Template Rule Mode as l4-switch, this object must be 0.0.0.0.
L4SwitchSessionUDPTos
Indicates the ToS in the configured L4 UDP-session rule entries. If you do not define the Template Rule Mode as l4-switch, this object must be zero
L4SwitchSessionUDPDstPort
Indicates the destination UDP port number in the configured L4 UDP-session rule entries. If you do not define the Template Rule Mode as l4-switch, this object must be zero.
L4SwitchSessionUDPSrcPort
Indicates the source UDP port number in the configured L4 UDP-session rule entries. If you do not define the Template Rule Mode as l4-switch, this object must be zero.
L4SwitchSessionOtherDstlp
Indicates the destination IP address in the configured L4 OTHER-session rule entries. If you do not define the Template Rule Mode as l4-switch, this object must be 0.0.0.0.
L4SwitchSessionOtherSrclp
Indicates the source IP address in the configured L4 OTHER-session rule entries. If you do not define the Template Rule Mode as l4-switch, this object must be 0.0.0.0
L4SwitchSessionOtherTos
Indicates the ToS in the configured L4 OTHER-session rule entries. If you do not define the Template Rule Mode as l4-switch, this object must be zero.
L4SwitchSessionOtherL4Protocol
Indicates the l4_protocol in the configured L4 OTHER-session rule entries. Possible values here include:
  • icmp
  • igmp
If you do not define the Template Rule Mode as l4-switch, this object must be un-used.
L4SwitchSessionOtherICMPType
Indicates the type of ICMP message in the configured L4 OTHER-session rule entries. The range is 0x00- 0xff. If you do not define the Template Rule Mode as l4-switch, this object must be zero.
L4SwitchSessionOtherICMPCode
Indicates the code of ICMP message in the configured L4 OTHER-session rule entries. The range is 0x00- 0xff. If you do not define the Template Rule Mode as l4-switch, this object must be zero.
L4SwitchSessionOtherIGMPType
Indicates the IGMP type in the configured L4 OTHER-session rule entries. Possible values here include:
  • query
  • response-version-1
  • response-version-2
  • response-version-all
If you do not define the Template Rule Mode as l4-switch, this object must be un-used. If the object is set to response-version-all, it means to create two entries with response-version-1 and response-version-2.
L4SwitchActionType
Specifies the action to take when a packet matches an entry of l4-switch mode. Possible values here include:
  • drop
  • forward
  • redirect
If you do not define the Template Rule Mode as l4-switch, this object must be un-used.
L4SwitchActionForwardPriorityState
Specifies whether or not you wish to send the object to one of 8 hardware priority queues. Possible values here include:
  • other (when L4SwitchActionType equals drop or redirect)
  • true
  • false
L4SwitchActionForwardPriority
Specifies the priority related to one of the 8 hardware priority queues. If you do not define the Template Rule Mode as l4-switch, this object must be zero.
L4SwitchActionForwardDscp
Specifies the DSCP value (0-63). If you do not define the Template Rule Mode as l4-switch, or if the Template Rule Mode L4SwitchActionForwardPriorityState as true, this object must be zero.
L4SwitchActionRedirectlp
Indicates the redirected IP address to send a packet to when it matches an entry of l4-switch mode. If you do not define the Template Rule L4 SwitchActionType as redirect, this object must be 0.0.0.0.
L4SwitchActionRedirectDropUnreachable
Specifies the action to take with this entry. Possible values here include:
  • other - when L4SwitchActionType equals drop or redirect.
  • false- route unreachable packet by using L2/IPv4 router forwarding table.
  • true- drop unreachable packet.

  1. Click Insert to insert a template rule.
  2. The ACL, Insert Template Rule dialog box opens. Note that the contents of this dialog change depending upon the following:
  3. Enter the desired values and selections.
  4. Click Insert.
  5. Click Close.

Go back one pageGo to the next page##Go to this book's Index