class ip

Syntax

class ip <CLASS-NAME>

    [<SEQUENCE-NUMBER>]
    {match|ignore}
    {any|ah|gre|esp|icmp|igmp|ospf|pim|<IP-PROTOCOL-NUM>}
    {any|<SRC-IP-ADDRESS>[/{<PREFIX-LENGTH>|<SUBNET-MASK>}]}
    {any|<DST-IP-ADDRESS>[/{<PREFIX-LENGTH>|<SUBNET-MASK>}]}
    [dscp {AF11|AF12|AF13|AF21|AF22|AF23|AF31|AF32|AF33|AF41|AF42|AF43|
          CS0|CS1|CS2|CS3|CS4|CS5|CS6|CS7|EF|<DSCP-VALUE>}] [ecn <ECN-VALUE>] 
    [ip-precedence <IP-PRECEDENCE-VALUE>] [tos <TOS-VALUE>]
    [fragment] [vlan <VLAN-ID>] [ttl <TTL-VALUE>] [count]

    [<SEQUENCE-NUMBER>]
    {match|ignore}
    {sctp|tcp|udp}
    {any|<SRC-IP-ADDRESS>[/{<PREFIX-LENGTH>|<SUBNET-MASK>}]}
    [{eq|gt|lt} <PORT>|range <MIN-PORT> <MAX-PORT>]
    {any|<DST-IP-ADDRESS>[/{<PREFIX-LENGTH>|<SUBNET-MASK>}]}
    [{eq|gt|lt} <PORT>|range <MIN-PORT> <MAX-PORT>]
    [urg] [ack] [psh] [rst] [syn] [fin] [established]
    [dscp {AF11|AF12|AF13|AF21|AF22|AF23|AF31|AF32|AF33|AF41|AF42|AF43|
          CS0|CS1|CS2|CS3|CS4|CS5|CS6|CS7|EF|<DSCP-VALUE>}] [ecn <ECN-VALUE>]
    [ip-precedence <IP-PRECEDENCE-VALUE>] [tos <TOS-VALUE>]
    [vlan <VLAN-ID>] [ttl <TTL-VALUE>] [fragment] [count]

    [<SEQUENCE-NUMBER>] comment <TEXT-STRING>

Description

Creates or modifies an IPv4 traffic class to match specified packets. A class is composed of one or more class entries, ordered and prioritized by sequence number. With this command, the class can classify traffic based on IPv4 header information.

The no form of the command can be used to delete either an IPv4 traffic class (use no with the class command) or an individual IPv4 traffic class entry (use no with the sequence number).

Command context

config

The class ip <CLASS-NAME> command takes you into the config-class-ip context where you enter the class entries.

Parameters

ip

Specifies that an IPv4 class is created or modified.

<CLASS-NAME>

Specifies the name of this class.

<SEQUENCE-NUMBER>

Specifies a sequence number for the class entry. Optional. Range: 1-4294967295.

{match|ignore}

Creates a rule to match or ignore specified packets.

comment

Specifies storing the remaining entered text as a class comment.

Protocol

Specifies an IP protocol number or name from the following (enter one only, as indicated in the command syntax):

  • any - Any IP protocol

  • ah

  • gre

  • esp

  • icmp

  • igmp

  • ospf (version 2)

  • pim

  • sctp

  • tcp

  • udp

  • <IP-PROTOCOL-NUM> - Enter an IP protocol number. Range: 1-255.

{any|<SRC-IP-ADDRESS>[/{<PREFIX-LENGTH>|<SUBNET-MASK>}]}

Specifies the source IP host, network address, or the keyword any. You can optionally include the following:

  • <PREFIX-LENGTH> - The address bits to mask (CIDR subnet mask notation). Range: 1-32.

  • <SUBNET-MASK> - The address bits to mask (dotted decimal notation).

{any|<DST-IP-ADDRESS>[/{<PREFIX-LENGTH>|<SUBNET-MASK>}]}

Specifies the destination IP host, network address, or the keyword any. You can optionally include the following:

  • <PREFIX-LENGTH> - The address bits to mask (CIDR subnet mask notation). Range: 1-32.

  • <SUBNET-MASK> - The address bits to mask (dotted decimal notation).

[{eq|gt|lt} <PORT>|range <MIN-PORT> <MAX-PORT>]

Specifies matching on the Layer 4 port, using either one of the following comparison keywords followed by <PORT>, or the range keyword:

  • eq - Layer 4 port is equal to the specified port.

  • gt - Layer 4 port is greater than the specified port.

  • lt - Layer 4 port is less than the specified port.

  • <PORT> - A single Layer 4 port. Range: 0-65535.

  • range <MIN-PORT> <MAX-PORT> - A Layer 4 port from the minimum to the maximum port, inclusive.

urg

Specifies matching on the TCP Flag: Urgent.

ack

Specifies matching on the TCP Flag: Acknowledgment.

psh

Specifies matching on the TCP Flag: Push buffered data to receiving application.

rst

Specifies matching on the TCP Flag: Reset the connection.

syn

Specifies matching on the TCP Flag: Synchronize sequence numbers.

fin

Specifies matching on the TCP Flag: Finish connection.

established

Specifies matching on the TCP Flag: Established connection.

dscp

Specifies a Differentiated Services Code Point (DSCP) value. Enter either a numeric value (0-63) or a keyword as follows:

  • AF11 - DSCP 10 (Assured Forwarding Class 1, low drop probability)

  • AF12 - DSCP 12 (Assured Forwarding Class 1, medium drop probability)

  • AF13 - DSCP 14 (Assured Forwarding Class 1, high drop probability)

  • AF21 - DSCP 18 (Assured Forwarding Class 2, low drop probability)

  • AF22 - DSCP 20 (Assured Forwarding Class 2, medium drop probability)

  • AF23 - DSCP 22 (Assured Forwarding Class 2, high drop probability)

  • AF31 - DSCP 26 (Assured Forwarding Class 3, low drop probability)

  • AF32 - DSCP 28 (Assured Forwarding Class 3, medium drop probability)

  • AF33 - DSCP 30 (Assured Forwarding Class 3, high drop probability)

  • AF41 - DSCP 34 (Assured Forwarding Class 4, low drop probability)

  • AF42 - DSCP 36 (Assured Forwarding Class 4, medium drop probability)

  • AF43 - DSCP 38 (Assured Forwarding Class 4, high drop probability)

  • CS0 - DSCP 0 (Class Selector 0: Default)

  • CS1 - DSCP 8 (Class Selector 1: Scavenger)

  • CS2 - DSCP 16 (Class Selector 2: OAM)

  • CS3 - DSCP 24 (Class Selector 3: Signaling)

  • CS4 - DSCP 32 (Class Selector 4: Real-time)

  • CS5 - DSCP 40 (Class Selector 5: Broadcast video)

  • CS6 - DSCP 48 (Class Selector 6: Network control)

  • CS7 - DSCP 56 (Class Selector 7)

  • EF - DSCP 46 (Expedited Forwarding)

ecn <ECN-VALUE>

Specifies an Explicit Congestion Notification value (TCP only). Range: 0-3.

ip-precedence <IP-PRECEDENCE-VALUE>

Specifies an IP precedence value. Range: 0-7.

tos <TOS-VALUE>

Specifies a Type of Service value. Range: 0-31.

vlan <VLAN-ID>

Specifies a VLAN ID to match on. Enter a VLAN ID or the VLAN name, if configured.

ttl <TTL-VALUE>

Specifies a time-to-live value to match on. Range: 0-255.

fragment

Specifies matching IP packets with the fragment flag set.

count

Keeps the hit counts of the number of packets matching this class entry.

Authority

Administrators

Usage

  • Entering an existing <CLASS-NAME> value will cause the existing class to be modified, with any new <SEQUENCE-NUMBER> value creating an additional class entry, and any existing <SEQUENCE-NUMBER> value replacing the existing class entry with the same sequence number.

  • If no sequence number is specified, a new class entry will be appended to the end of the class with a sequence number equal to the highest class entry sequence number currently in the list plus 10.
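
Because entries are ordered and prioritized by sequence number, an ignore exception placed after a broader match entry may never take effect. The Python check below is an added example, not part of this command reference or of any vendor tooling: it parses entries written in the syntax above and reports entries fully covered by an earlier one. It assumes the lowest-numbered entry that covers a packet decides, compares protocols by their literal name, and treats an earlier entry carrying extra options (TCP flags, dscp, vlan, and so on) as never shadowing.

```python
import ipaddress

L4 = {"sctp", "tcp", "udp"}  # only these protocols take port operators
ALL = (0, 65535)

def _ports(tok, i):
    """Read an optional port operator at tok[i]; return ((lo, hi), next_index)."""
    op = tok[i] if i < len(tok) else None
    if op in ("eq", "gt", "lt"):
        p = int(tok[i + 1])
        return {"eq": (p, p), "gt": (p + 1, 65535), "lt": (0, p - 1)}[op], i + 2
    if op == "range":
        return (int(tok[i + 1]), int(tok[i + 2])), i + 3
    return ALL, i

def parse_entry(line):
    """Parse '<seq> {match|ignore} <proto> <src> [ports] <dst> [ports] [options]'."""
    tok = line.split()
    e = {"seq": int(tok[0]), "action": tok[1], "proto": tok[2]}
    i = 3
    for side in ("src", "dst"):
        e[side] = None if tok[i] == "any" else ipaddress.ip_network(tok[i], strict=False)
        e[side + "_ports"], i = _ports(tok, i + 1) if e["proto"] in L4 else (ALL, i + 1)
    e["extra"] = [t for t in tok[i:] if t != "count"]  # flags, dscp, vlan, ttl, ...
    return e

def _covers(a, b):  # True if network a (None means any) contains all of b
    return a is None or (b is not None and b.subnet_of(a))

def shadowed(lines):
    """Return (later_seq, earlier_seq) pairs where the earlier entry always decides first."""
    entries = sorted(map(parse_entry, lines), key=lambda e: e["seq"])
    hits = []
    for n, late in enumerate(entries):
        for early in entries[:n]:
            if (not early["extra"] and early["proto"] in ("any", late["proto"])
                    and all(_covers(early[s], late[s]) for s in ("src", "dst"))
                    and all(early[k][0] <= late[k][0] and late[k][1] <= early[k][1]
                            for k in ("src_ports", "dst_ports"))):
                hits.append((late["seq"], early["seq"]))
                break
    return hits

SAMPLE = [  # constructed entries in the page's syntax; addresses are sample values
    "20 ignore udp any any",
    "30 match tcp 192.168.0.0/24 any eq 22 count",
    "40 ignore tcp 192.168.0.1 any eq 22",        # exception placed too late
    "50 match udp 10.0.0.0/255.0.0.0 any eq 53",  # already decided by entry 20
    "60 match tcp any any range 1 1023 syn",
]
```

Running `shadowed(SAMPLE)` reports entries 40 and 50; moving the host exception to a sequence number below 30 clears the first finding.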

Examples

Creating an IPv4 class with three entries:

switch(config)# class ip MY_IP_CLASS
switch(config-class-ip)# 10 match icmp any any
switch(config-class-ip)# 20 ignore udp any any
switch(config-class-ip)# 30 match tcp 192.168.0.1 192.168.0.2
switch(config-class-ip)# exit

switch(config)# do show class
Type       Name
  Sequence Comment
           Action                          L3 Protocol
           Source IP Address               Source L4 Port(s)
           Destination IP Address          Destination L4 Port(s)
           Additional Parameters
-------------------------------------------------------------------------------
IPv4       MY_IP_CLASS
        10 match                           icmp
           any
           any
        20 ignore                          udp
           any
           any
        30 match                           tcp
           192.168.0.1
           192.168.0.2

Adding a comment to an existing IPv4 class entry:

switch(config)# class ip MY_IP_CLASS
switch(config-class-ip)# 30 comment myipClass
switch(config-class-ip)# exit

switch(config)# do show class
Type       Name
  Sequence Comment
           Action                          L3 Protocol
           Source IP Address               Source L4 Port(s)
           Destination IP Address          Destination L4 Port(s)
           Additional Parameters
-------------------------------------------------------------------------------
IPv4       MY_IP_CLASS
        10 match                           icmp
           any
           any
        20 ignore                          udp
           any
           any
        30 myipClass
           match                           tcp
           192.168.0.1
           192.168.0.2

Removing a comment from an existing IPv4 class entry:

switch(config)# class ip MY_IP_CLASS
switch(config-class-ip)# no 30 comment
switch(config-class-ip)# exit

switch(config)# do show class
Type       Name
  Sequence Comment
           Action                          L3 Protocol
           Source IP Address               Source L4 Port(s)
           Destination IP Address          Destination L4 Port(s)
           Additional Parameters
-------------------------------------------------------------------------------
IPv4       MY_IP_CLASS
        10 match                           icmp
           any
           any
        20 ignore                          udp
           any
           any
        30 match                           tcp
           192.168.0.1
           192.168.0.2

Replacing an IPv4 class entry in an existing IPv4 class:

switch(config)# class ip MY_IP_CLASS
switch(config-class-ip)# 10 match igmp any any
switch(config-class-ip)# exit

switch(config)# do show class
Type       Name
  Sequence Comment
           Action                          L3 Protocol
           Source IP Address               Source L4 Port(s)
           Destination IP Address          Destination L4 Port(s)
           Additional Parameters
-------------------------------------------------------------------------------
IPv4       MY_IP_CLASS
        10 match                           igmp
           any
           any
        20 ignore                          udp
           any
           any
        30 match                           tcp
           192.168.0.1
           192.168.0.2

Removing an IPv4 class entry:

switch(config)# class ip MY_IP_CLASS
switch(config-class-ip)# no 10
switch(config-class-ip)# exit

switch(config)# do show class
Type       Name
  Sequence Comment
           Action                          L3 Protocol
           Source IP Address               Source L4 Port(s)
           Destination IP Address          Destination L4 Port(s)
           Additional Parameters
-------------------------------------------------------------------------------
IPv4       MY_IP_CLASS
       11  ignore                          udp
           any
           any
       21  match                           tcp
           192.168.0.1
           192.168.0.2

Removing an IPv4 class. Removing a class with entries removes all its entries as well. If a class associated with a policy entry (or multiple policy entries) is removed, the corresponding entries are also removed.

switch(config)# no class ip MY_IP_CLASS

switch(config)# do show class
Type       Name
  Sequence Comment
           Action                          L3 Protocol
           Source IP Address               Source L4 Port(s)
           Destination IP Address          Destination L4 Port(s)
           Additional Parameters
-------------------------------------------------------------------------------
IPv4       MY_IP_CLASS2
       11  ignore                          udp
           any
           any
       21  match                           tcp
           192.168.0.1
           192.168.0.2