Using match criteria

To identify the packets that belong to a traffic class for further processing by policy actions, use match and ignore commands in a class configuration:

match commands

Define the values that header fields must contain for a packet to belong to the class and be managed by policy actions.

ignore commands

Define the values which, if contained in header fields, exclude a packet from the policy actions configured for the class. An ignored packet is transmitted without having a policy action performed on it.

The switch compares match/ignore statements to the values in packet fields. It compares the specified criteria in the sequential order in which the statements are entered in the class, until a match is found. Be sure to enter match/ignore statements in the precise order in which you want their criteria to be used to check packets.
  • As soon as a field in a packet header matches the criteria in a match statement, the sequential comparison of match criteria in the class stops, and the policy actions configured for the class are executed on the packet.

  • If a packet matches the criteria in an ignore statement, the sequential comparison of match criteria in the class stops, and no policy action is performed on the packet.

If a packet does not match the criteria in any match/ignore statement in a traffic class configuration, one of the following actions is taken:
  • The packet is transmitted without a policy action performed on it.

  • If a default class is configured in the policy, the actions specified in the default-class command are performed on packets that do not match the criteria in preceding classes in the policy.
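The ordering rule above decides whether an exemption takes effect. The following Python model is an added example, not switch CLI syntax or vendor code: it walks a class's statements in entered order and shows a narrow ignore being shadowed when a broader match is entered first. The field names (`src`, `proto`, `dst_port`), the action labels, and the addresses are constructed for illustration.

```python
import ipaddress

def stmt_matches(criteria, pkt):
    """True when every field named in the statement agrees with the packet."""
    for field, want in criteria.items():
        if field in ("src", "dst"):  # address criteria are prefixes (IPv4 or IPv6)
            addr = ipaddress.ip_address(pkt[field])
            net = ipaddress.ip_network(want)
            if addr.version != net.version or addr not in net:
                return False
        elif pkt.get(field) != want:  # protocol, port, VLAN ID: exact value
            return False
    return True

def classify(statements, pkt, class_action, default_action=None):
    """Walk statements in entered order; the first hit ends the comparison."""
    for kind, criteria in statements:
        if stmt_matches(criteria, pkt):
            # match -> class action is applied; ignore -> no policy action
            return class_action if kind == "match" else None
    # No statement hit: default-class action if configured, else None
    # (None models "transmitted without a policy action").
    return default_action

# Constructed statements: exempt SSH from one management host, act on the subnet.
MGMT = ("ignore", {"src": "192.0.2.10/32", "proto": "tcp", "dst_port": 22})
SUBNET = ("match", {"src": "192.0.2.0/24"})

# Constructed sample packets.
ssh_from_mgmt = {"src": "192.0.2.10", "dst": "198.51.100.7", "proto": "tcp", "dst_port": 22}
web_from_user = {"src": "192.0.2.77", "dst": "198.51.100.7", "proto": "tcp", "dst_port": 443}
v6_dns = {"src": "2001:db8::5", "dst": "2001:db8::1", "proto": "udp", "dst_port": 53}

def demo():
    """Compare the two entry orders for the same pair of statements."""
    narrow_first = [MGMT, SUBNET]   # exemption is checked before the broad match
    broad_first = [SUBNET, MGMT]    # broad match hits first; ignore is never reached
    return {
        "narrow_first_ssh": classify(narrow_first, ssh_from_mgmt, "rate-limit"),
        "broad_first_ssh": classify(broad_first, ssh_from_mgmt, "rate-limit"),
        "narrow_first_web": classify(narrow_first, web_from_user, "rate-limit"),
        "unmatched_with_default": classify(narrow_first, v6_dns, "rate-limit", "drop"),
    }

if __name__ == "__main__":
    for name, action in demo().items():
        print(f"{name}: {action}")
```

When reviewing a class, check that every ignore statement is entered ahead of any broader match statement that would also cover the same packets.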

The following match criteria are supported in match/ignore statements for inbound IPv4/IPv6 traffic:
  • IP source address (IPv4 and IPv6)

  • IP destination address (IPv4 and IPv6)

  • Layer 2 802.1Q VLAN ID

  • Layer 3 IP protocol

  • Layer 3 IP precedence bits

  • Layer 3 DSCP bits

  • Layer 4 TCP/UDP application port (including TCP flags)

  • VLAN ID