security firewall name <name> rule <rule-number> dscp <value>
Specifies the Differentiated Services Code Point (DSCP) value for a firewall rule.
- dscp value
- Specifies the DSCP value to match in the incoming IP header. For the value, enter one of the following:
number: A DSCP number ranges from 0 through 63. DSCP matches packets with headers that include this DSCP value. If this option is not set, the DSCP field retains its original value.
classifier: The traffic classifier for the per-hop behavior defined by the DS field in the IP header.
- default: The Default Class (00000) for best-effort traffic.
- afnumber: The Assured Forwarding Class for assurance of delivery as defined in RFC 2597. Depending on the forwarding class and the drop precedence, the class can be one of the following values: af11 through af13, af21 through af23, af31 through af33, or af41 through af43.
- csnumber: Class Selector for network devices that use the Precedence field in the IPv4 header. The number ranges from 1 to 7 and indicates the precedence, for example cs1.
- ef: Expedited Forwarding, per-hop behavior.
- va: Voice Admit, Capacity-Admitted Traffic.
Configuration mode
security {
firewall {
name name {
rule rule-number {
dscp value
}
}
}
}
Use the set form of this command to define the DSCP value to match.
Use the delete form of this command to delete the DSCP value.
Use the show form of this command to display the DSCP value for a firewall rule.