Configuring Flow Match Expression Rules

pbnoscli# configure terminal 
pbnoscli(config)# flow flow01
pbnoscli(config-flow-flow01)# 
  !                     Exit from the current prompt
  description           Configure description for flow
  enable                Enable the flow
  end                   Exit to exec prompt
  exit                  Exit from the current prompt
  network-ports         Configure network or TAP ports
  no                    no form
  pop-vlan              Pop Vlan Tag
  push-vlan-tag         Push VLAN tag
  rule                  Configure rule
  show                  Show commands
  tool-ports            Configure network tool or analyzer ports
  top                   Exit to the configuration prompt
pbnoscli(config-flow-flow01)# rule 1 permit description "Match Expression" 
  <cr>
  counters              Enable counters
  dest-ip               Destination IP address
  dscp                  Differentiated services code point
  ethertype             ethernet type, 0x800, 0x8100
  gtp                   GTP Tunneling
  l4portdst             L4 destination port
  l4portsrc             L4 source port
  match-all             Match all
  match-expression      Flow Rule Qualifiers
  protocol              IP protocol
  src-ip                Source IP address
  tcpctl                TCP Control Flags (maximum value is 0x3f)
  tosval                Type of Service
  ttl                   Time-to-live
  udf-data              User Defined Data
  vlan                  Vlan Identifier
pbnoscli(config-flow-flow01)# rule 1 permit description "Match Expression" 
pbnoscli(config-flow-flow01)# $Match Expression" match-expression 
  <matchexpression>     Example qualifiers: ethertype, vlan, src-ip, src-netmask, 
                                            dest-ip, dest-netmask, protocol, l4portsrc,
                                            l4portdst, tosval, dscp, ttl, tcpctl, tcpctlmask,
                                            teid, inner-sip, inner-dip, inner-protocol, 
                                            inner_l4srcport, inner_l4destport
pbnoscli(config-flow-flow01)# $Match Expression" match-expression "vlan 100 src-ip 1.1.1.1/32 dest-ip 2.2.2.2/32 protocol udp inner-sip 10.10.10.1/32 inner-dip 20.20.20.2/32" counters enable
pbnoscli(config-flow-flow01)# end

pbnoscli# show flow all
===================================
Flow : flow01 (CLI)
===================================
Status       : enable          
Network-Port : Ethernet1/1,Ethernet2/1
Tool-Port    : port-channel1,Ethernet8/1

Rule : 1               
++++++++++++++++++++++++++++++++++
Vlan                     : 100             
Source IP                : 1.1.1.1         
Source Mask              : 255.255.255.255 
Destination IP           : 2.2.2.2         
Destination Mask         : 255.255.255.255 
Protocol                 : udp             
Inner Source IP          : 10.10.10.1      
Inner Source Mask        : 255.255.255.255 
Inner Destination IP     : 20.20.20.2      
Inner Destination Mask   : 255.255.255.255 
Action                   : permit          
Description              : Match Expression
Counters                 : enable          
pbnoscli# 

pbnoscli# show flow counters all
Flow-Name       Rule-Id        ASIC-Stat-Id   Counter-Value
=============================================================
flow01          DropRule        40960           42156085        
flow01          1               57344           455049065       
pbnoscli#

pbnoscli# show running-config 
configure terminal
!
interface ethernet Ethernet1/1
forward-error-correction rs
type network
!
interface ethernet Ethernet2/1
forward-error-correction rs
type tool
!
interface mgmt
ip address 10.4.4.53/23 gateway 10.4.4.1
!
port-channel 1 ports Ethernet63/1,Ethernet64/1
flow flow01
network-ports Ethernet16
tool-ports Ethernet20
rule 1 permit description "Match Expression" match-expression "vlan 100 src-ip 1.1.1.1/32 dest-ip 2.2.2.2/32 protocol udp inner-sip 10.10.10.1/32 inner-dip 20.20.20.2/32" counters enable
!
pbnoscli#