Creating Classifier Groups and Policy Rules ! 37
Chapter 2: Creating Policies
color
! Use to color a packet matching the current CLACL as green, yellow, or red:
! green—Highest precedence
! yellow—Intermediate precedence
! red—Lowest precedence
! Example
host1(config-policy-list-classifier-group)#color green
! Use the suspend version to suspend the color rule within the classifier group.
! Use the no version to remove the color rule from the classifier group.
color-mark-profile
! Use to translate the packet color and apply it after it exits the rate-limit
hierarchy.
! Example
host1(config)#ip color-mark-profile A
! Use the no version to restore the default.
exception http-redirect
! Use to create the exception rule within an IP policy classifier group to specify
the client application for the destination of packets rather than forwarding them
by the forwarding controller (FC). Doing this enables the application to then
perform an application-dependent action on the content of the packet.
! The exception rule applies to input and secondary-input policies.
! An exception rule in the input policy only takes effect if neither the input policy
nor the secondary policy drops the packet. Packets dropped by input or
secondary policies are not exceptioned to the SRP.
! HTTP redirect is the only application that is available as a destination of the
exception rule.
! Because classifier groups can contain multiple actions, the following list
describes how each rule interacts with the exception rule:
! color—Packets are colored and the exception rule is applied.
! filter—Packets are filtered and the exception rule is not applied. When the
filter rule is present, other rules are not applied.
! forward—Forward rule is ignored and the exception rule is applied to
packets.
! log—Packets are logged and the exception rule is applied.
! mark—Packets are marked and the exception rule is applied.
! next-hop—Next-hop rule is ignored and the exception rule is applied to
packets.
! next-interface—Next-interface rule is ignored and the exception rule is
applied to packets.
To Next Page
Loading...
Need help?
General
