# Configuring Flow Rules (NVIDIA)

You can configure a rule with certain qualifiers to aggregate and filter traffic from network port(s) to tool port(s) for monitoring.

{% hint style="info" %}
Before configuring flow rules, you must configure the network and tool ports.
{% endhint %}

#### Reference

<table data-header-hidden><thead><tr><th width="375"></th><th></th><th data-hidden></th></tr></thead><tbody><tr><td>Command</td><td><p>rule &#x3C;ruleid> (deny | permit) [description &#x3C;cstring>] ([ethertype &#x3C;etype>] [vlan &#x3C;vid>] [src-ip (&#x3C;ipv4> | &#x3C;ipv6> src-netmask &#x3C;ipv6>)] [dest-ip (&#x3C;ipv4> | &#x3C;ipv6> dest-netmask &#x3C;ipv6>)] [protocol (tcp | udp | &#x3C;ptype>)] [l4portsrc &#x3C;sport>] [l4portdst &#x3C;dport>] [tosval &#x3C;sval>] [dscp &#x3C;dval>] [ttl &#x3C;tval>] [tcpctl &#x3C;flags> tcpctlmask &#x3C;tcpmask>] | match_all [ipv6]) [counters (enable | disable)]</p><p><br>no rule &#x3C;ruleid></p></td><td></td></tr><tr><td>Description</td><td>Rule configuration</td><td></td></tr><tr><td>Parameters</td><td><ul><li><strong>ruleid</strong>: must be in the range 1 to 6000</li><li><strong>description</strong>: max 50 characters</li><li><strong>ethertype</strong>: hexadecimal value prefixed with 0x; max 4 characters</li><li><strong>vlan</strong>: VLAN ID, 2 to 4094</li><li><strong>src-ip</strong>: Source IP address</li><li><strong>dest-ip</strong>: Destination IP address</li><li><strong>protocol</strong>: L3 protocol</li><li><strong>l4portsrc</strong>: L4 source port for TCP or UDP</li><li><strong>l4portdst</strong>: L4 destination port for TCP or UDP</li><li><strong>tosval</strong>: Type of Service</li><li><strong>dscp</strong>: Differentiated services code point</li><li><strong>ttl</strong>: Time-to-live</li><li><strong>tcpctl</strong>: TCP control flags</li></ul></td><td></td></tr><tr><td>Mode</td><td>FLOW</td><td></td></tr></tbody></table>

#### Example

```
pbnoscli# configure terminal 
pbnoscli(config)# flow flow01
pbnoscli(config-flow-flow01)# 
  !                     Exit from the current prompt
  description           Configure description for flow
  enable                Enable the flow
  end                   Exit to exec prompt
  exit                  Exit from the current prompt
  network-ports         Configure network or TAP ports
  no                    no form
  pop-vlan              Pop Vlan Tag
  push-vlan-tag         Push VLAN tag
  rule                  Configure rule
  show                  Show commands
  tool-ports            Configure network tool or analyzer ports
  top                   Exit to the configuration prompt
pbnoscli(config-flow-flow01)# rule 1 
  action                Add rule specific action
  deny                  Deny traffic
  permit                Permit traffic
pbnoscli(config-flow-flow01)# rule 1 permit 
  <cr>
  counters              Enable counters
  description           Add description within double quotes
  dest-ip               Destination IP address
  dscp                  Differentiated services code point
  ethertype             ethernet type, 0x800, 0x8100
  gtp                   GTP Tunneling
  l4portdst             L4 destination port
  l4portsrc             L4 source port
  match-all             Match all
  protocol              IP protocol
  qualifiers            Flow Rule Qualifiers
  src-ip                Source IP address
  tcpctl                TCP Control Flags
  tosval                Type of Service
  ttl                   Time-to-live
  vlan                  Vlan Identifier
pbnoscli(config-flow-flow01)# rule 1 permit src-ip 10.10.0.0/24 dest-ip 20.0.20.0/24 counters enable 

//to remove a rule
pbnoscli(config-flow-flow01)# no rule 1
pbnoscli(config-flow-flow01)#
```

You can verify the configuration by using the command(s) below:

```
pbnoscli# show flow summary 
Flow-Name       Rule-Id        Status      Counter-Value
=========================================================
flow01          1             Active          1675               
pbnoscli# 

pbnoscli# show flow flow01

===================================
Flow : flow01 (CLI)
===================================
Status       : enable          
Network-Port : Ethernet1/1,Ethernet2/1
Tool-Port    : port-channel1,Ethernet8/1

Rule : 1               
++++++++++++++++++++++++++++++++++
Action                   : permit          
Source IP                : 2401::1         
Source Mask              : f::f            
Destination IP           : 2401::2         
Destination Mask         : f::f            
Counters                 : enable          
pbnoscli# 
```

```
// Configuring IPv4 rules
pbnoscli# show running-config 
configure terminal
port-channel 1 ports Ethernet63/1,Ethernet64/1
!
interface ethernet Ethernet1/1
forward-error-correction rs
type network
!
interface ethernet Ethernet2/1
forward-error-correction rs
type network
!
interface mgmt
ip address 10.4.4.53/23 gateway 10.4.4.1
!
flow flow01
description "--Flow Description--"
network-ports Ethernet1/1,Ethernet2/1
tool-ports port-channel1,Ethernet8/1
rule 1 permit src-ip 10.10.0.0/24 dest-ip 20.0.20.0/24 counters enable
!
pbnoscli# 
```

```
// Configuring IPv6 rules
pbnoscli# show running-config 
configure terminal
port-channel 1 ports Ethernet63/1,Ethernet64/1
!
interface ethernet Ethernet1/1
forward-error-correction rs
type network
!
interface ethernet Ethernet2/1
forward-error-correction rs
type network
!
interface mgmt
ip address 10.4.4.53/23 gateway 10.4.4.1
!
flow flow01
description "--Flow Description--"
network-ports Ethernet1/1,Ethernet2/1
tool-ports port-channel1,Ethernet8/1
rule 1 permit src-ip 2401::1 src-netmask f::f dest-ip 2401::2 dest-netmask f::f counters enable
!
pbnoscli# 
```
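The following offline check is an added example, not part of the product or its documentation: it lints `rule` lines copied from `show running-config` against the limits in the Reference table above, and flags an IPv6 `src-ip`/`dest-ip` that lacks its netmask keyword. The function names are hypothetical, and reading "max 4 characters" for `ethertype` as up to four hex digits after `0x` is an assumption based on the `0x800, 0x8100` hint in the CLI help.

```python
import ipaddress
import re
import shlex

FLAGS = {"match-all", "match_all", "ipv6"}      # keywords that take no value

def _ip_problem(opts, ip_key, mask_key):
    """IPv4 may be an address or CIDR; IPv6 must come with its netmask keyword."""
    try:
        if opts.get(ip_key) is not None:
            net = ipaddress.ip_network(opts[ip_key], strict=False)
            if net.version == 6:
                ipaddress.IPv6Address(opts.get(mask_key) or "")
    except ValueError:
        return f"{ip_key}: bad address, or IPv6 without a valid {mask_key}"
    return None

def lint_rule(line):
    """Return the problems found in one 'rule ...' line (empty list = clean)."""
    tok = shlex.split(line)                     # quoted description = one token
    if len(tok) < 3 or tok[0] != "rule" or tok[2] not in ("permit", "deny"):
        return ["not a 'rule <ruleid> (deny | permit) ...' line"]
    ok_id = tok[1].isdecimal() and 1 <= int(tok[1]) <= 6000
    problems = [] if ok_id else [f"ruleid {tok[1]} outside 1-6000"]
    opts, it = {}, iter(tok[3:])
    for key in it:                              # walk keyword/value pairs
        opts[key] = "" if key in FLAGS else next(it, None)
    problems += [f"{k} has no value" for k, v in opts.items() if v is None]
    if len(opts.get("description") or "") > 50:
        problems.append("description longer than 50 characters")
    vlan = opts.get("vlan")
    if vlan is not None and not (vlan.isdecimal() and 2 <= int(vlan) <= 4094):
        problems.append(f"vlan {vlan} outside 2-4094")
    etype = opts.get("ethertype")
    if etype is not None and not re.fullmatch(r"0x[0-9A-Fa-f]{1,4}", etype):
        problems.append(f"ethertype {etype} is not 0x plus 1-4 hex digits")
    pairs = (("src-ip", "src-netmask"), ("dest-ip", "dest-netmask"))
    problems += [m for m in (_ip_problem(opts, *p) for p in pairs) if m]
    return problems

# Constructed sample lines: the two rules from this page plus two broken ones.
SAMPLE = [
    "rule 1 permit src-ip 10.10.0.0/24 dest-ip 20.0.20.0/24 counters enable",
    "rule 1 permit src-ip 2401::1 src-netmask f::f dest-ip 2401::2 dest-netmask f::f counters enable",
    "rule 7000 permit vlan 1 ethertype 800",
    "rule 2 deny src-ip 2401::1 dest-ip 20.0.20.0/24",
]
for rule in SAMPLE:
    print(rule, "->", lint_rule(rule) or "ok")
```

Running this against a saved configuration before pushing it to the device catches out-of-range rule IDs and VLANs that would otherwise be rejected at the CLI one line at a time.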
