security firewall name <name> rule <rule-number> mark <action>
Specifies the DSCP or Priority Code Point (PCP) packet marking action for a firewall rule.
- name
- The name of a firewall rule set.
- rule-number
- The numeric identifier of a rule. The identifier ranges from 1 through 9999.
- dscp dscp-value
- Specifies the DSCP value. For the value, enter one of the following:
number: A DSCP number ranges from 0 through 63. DSCP matches packets with headers that include this DSCP value. If this option is not set, the DSCP field retains its original value.
classifier: The traffic classifier for the per-hop behavior defined by the DS field in the IP header.
- default: The Default Class (00000) for best-effort traffic.
- afnumber: the Assured Forwarding Class for assurance of delivery as defined in RFC 2597. Depending on the forwarding class and the drop precedence, the class can be one of the following values: af11 through af13, af21 through af23, af31 through af33, or af41 through af43.
- csnumber: Class Selector for network devices that use the Precedence field in the IPv4 header. The number ranges from 1 to 7 and indicates the precedence, for example cs1.
- ef: Expedited Forwarding, Per-Hop Behavior.
- va: Voice Admit, Capacity-Admitted Traffic.
- pcp pcp-number
- The 802.1 priority-code point number. The number can range from 0 through 7.
Configuration mode
security {
firewall {
name name {
rule rule-number {
mark {
dscp dscp-value
pcp pcp-number
}
}
}
}
}
Use the set form of this command to define the packet marking action within a firewall rule.
Use the delete form of this command to delete the packet marking action within a firewall rule.
Use the show form of this command to display the packet marking action within a firewall rule.