Policy Classification Configuration Command Set
Assigning Classification Rules to Policy Profiles
8-30 Matrix NSA Series Configuration Guide
Command Defaults
• If mask is not specified, all data bits will be considered relevant.
Command Type
Switch command.
Command Mode
Read-Write.
Examples
This example shows how to use Table 8-3 to create (and enable) a VLAN classification rule to
policy 2, classification 65, to drop packets from a source IP address of 172.16.1.2:
tcpportsource TCP port source - (0 - 65535)
tcpportdest TCP port destination - (0 - 65535)
macsource Classifies based on MAC source address.
macdest Classifies based on MAC destination address.
ipfrag Classifies based on IP fragmentation value.
port Classifies based on port-string.
class-data-val Data Value of meaning
class-data-mask Number of mask bits to apply to Data Value
Matrix(rw)->set policy classify 2 65 vlan drop ipsource 172.16.1.2