Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
pbnoscli# configure terminal
pbnoscli(config)# flow flow01
pbnoscli(config-flow-flow01)# descript
description Configure description for flow
pbnoscli(config-flow-flow01)# description "--Flow Description--"
pbnoscli(config-flow-flow01)#
//to remove flow description
pbnoscli(config-flow-flow01)# no description
pbnoscli(config-flow-flow01)# pbnoscli# show flow flow01
===================================
Flow : flow01 (CLI)
===================================
Status : enable
Description : --Flow Description--
pbnoscli# pbnoscli# show running-config
configure terminal
!
interface mgmt
ip address 10.4.4.53/23 gateway 10.4.4.1
!
flow flow01
description "--Flow Description--"
!
pbnoscli# pbnoscli# clear flow counters all
pbnoscli#
pbnoscli# clear flow counters flow01
pbnoscli# pbnoscli# configure terminal
pbnoscli(config)# flow flow01
pbnoscli(config-flow-flow01)# network-
network-ports Configure network or TAP ports
pbnoscli(config-flow-flow01)# network-ports Ethernet1/1,Ethernet2/1
pbnoscli(config-flow-flow01)# pbnoscli# configure terminal
pbnoscli(config)# flow flow01
pbnoscli(config-flow-flow01)# network-ports Ethernet1/1,Ethernet2/1
pbnoscli(config-flow-flow01)# tool-
tool-ports Configure network tool or analyzer ports
pbnoscli(config-flow-flow01)# tool-ports port-channel1,Ethernet8/1
pbnoscli(config-flow-flow01)#pbnoscli# show flow flow01
===================================
Flow : flow01 (CLI)
===================================
Status : enable
Network-Port : Ethernet1/1,Ethernet2/1
Tool-Port : port-channel1,Ethernet8/1
pbnoscli# pbnoscli# show running-config
configure terminal
port-channel 1 ports Ethernet63/1,Ethernet64/1
!
interface ethernet Ethernet1/1
forward-error-correction rs
type network
!
interface ethernet Ethernet2/1
forward-error-correction rs
type network
!
interface mgmt
ip address 10.4.4.53/23 gateway 10.4.4.1
!
flow flow01
network-ports Ethernet1/1,Ethernet2/1
tool-ports port-channel1,Ethernet8/1
!
pbnoscli# pbnoscli# configure terminal
pbnoscli(config)# flow flow01
pbnoscli(config-flow-flow01)# network-ports Ethernet4
pbnoscli(config-flow-flow01)# tool-ports Ethernet8
pbnoscli(config-flow-flow01)# rule 1
action Add rule specific action
deny Deny traffic
permit Permit traffic
pbnoscli(config-flow-flow01)# rule 1 action
<cr>
override-pop-vlan Override action to pop the VLAN
override-push-vlan-tag Override action to push VLAN Tag
override-to Override to configure a rule specific network tool or analyzer ports
pbnoscli(config-flow-flow01)# rule 1 action override-to Ethernet12pbnoscli# show flow all
===================================
Flow : flow01 (CLI)
===================================
Status : enable
Network-Port : Ethernet4/1
Tool-Port : Ethernet8/1
Rule : 1
++++++++++++++++++++++++++++++++++
Action : permit
Source IP : 10.10.0.0
Source Mask : 255.255.255.0
Destination IP : 20.0.20.0
Destination Mask : 255.255.255.0
Counters : enable
Override To : Ethernet12/1
pbnoscli# pbnoscli# show running-config
configure terminal
!
interface ethernet Ethernet1/1
forward-error-correction rs
type network
!
interface ethernet Ethernet4/1
forward-error-correction rs
type network
!
interface ethernet Ethernet8/1
forward-error-correction rs
type tool
!
interface ethernet Ethernet12/1
forward-error-correction rs
type tool
!
interface mgmt
ip address 10.4.4.53/23 gateway 10.4.4.1
!
flow flow01
network-ports Ethernet1/1,Ethernet4/1
tool-ports Ethernet8/1
rule 1 permit src-ip 10.10.0.0/24 dest-ip 20.0.20.0/24 counters enable
rule 1 action override-to Ethernet12/1
!
pbnoscli# pbnoscli# configure terminal
pbnoscli(config)# flow flow01
pbnoscli(config-flow-flow01)#
! Exit from the current prompt
description Configure description for flow
enable Enable the flow
end Exit to exec prompt
exit Exit from the current prompt
network-ports Configure network or TAP ports
no no form
pop-vlan Pop Vlan Tag
push-vlan-tag Push VLAN tag
rule Configure rule
show Show commands
tool-ports Configure network tool or analyzer ports
top Exit to the configuration prompt
pbnoscli(config-flow-flow01)# exit
//to delete a flow
pbnoscli(config)# no flow flow01
pbnoscli(config)pbnoscli# show flow counters all
Flow-Name Rule-Id ASIC-Stat-Id Counter-Value
=============================================================
flow01 DropRule 32768 0
flow01 1 40960 0
pbnoscli# pbnoscli# show flow flow01
===================================
Flow : flow01 (CLI)
===================================
Status : enable
Network-Port : Ethernet1/1,Ethernet2/1
pbnoscli# pbnoscli# show running-config
configure terminal
!
interface ethernet Ethernet1/1
forward-error-correction rs
type network
!
interface ethernet Ethernet2/1
forward-error-correction rs
type network
!
interface mgmt
ip address 10.4.4.53/23 gateway 10.4.4.1
!
flow flow01
network-ports Ethernet0,Ethernet4
!
pbnoscli# pbnoscli# configure terminal
pbnoscli(config)# flow flow01
pbnoscli(config-flow-flow01)#
! Exit from the current prompt
description Configure description for flow
enable Enable the flow
end Exit to exec prompt
exit Exit from the current prompt
network-ports Configure network or TAP ports
no no form
rule Configure rule
show Show commands
tool-ports Configure network tool or analyzer ports
top Exit to the configuration prompt
pbnoscli(config-flow-flow01)# rule 1
action Add rule specific action
deny Deny traffic
ipv6 IPv6 Rule
permit Permit traffic
pbnoscli(config-flow-flow01)# rule 1 ipv6
deny Deny traffic
permit Permit traffic
pbnoscli(config-flow-flow01)# rule 1 ipv6
pbnoscli(config-flow-flow01)# rule 1 permit
<cr>
counters Enable counters
description Add description within double quotes
dest-ip Destination IP address
dscp Differentiated services code point
ethertype ethernet type, 0x800, 0x8100
l4portdst L4 destination port
l4portsrc L4 source port
match-all Match all
protocol IP protocol
src-ip Source IP address
tcpctl TCP Control Flags
tosval Type of Service
ttl Time-to-live
vlan Vlan Identifier
pbnoscli(config-flow-flow01)# rule 1 permit src-ip 10.10.0.0/24 dest-ip 20.0.20.0/24 counters enable
//to remove a rule
pbnoscli(config-flow-flow01)# no rule 1
pbnoscli(config-flow-flow01)#pbnoscli# show flow summary
Flow-Name Rule-Id Status Counter-Value
=========================================================
flow01 1 Active 1671
pbnoscli# show flow flow01
===================================
Flow : flow01 (CLI)
===================================
Status : enable
Network-Port : Ethernet1/1,Ethernet2/1
Tool-Port : port-channel1,Ethernet8/1
Rule : 1
++++++++++++++++++++++++++++++++++
Action : permit
Source IP : 10.10.0.0
Source Mask : 255.255.255.0
Destination IP : 20.0.20.0
Destination Mask : 255.255.255.0
Counters : enable
pbnoscli# \\Configuring IPv4 rules
pbnoscli# show running-config
configure terminal
port-channel 1 ports Ethernet63/1,Ethernet64/1
!
interface ethernet Ethernet1/1
forward-error-correction rs
type network
!
interface ethernet Ethernet2/1
forward-error-correction rs
type network
!
interface mgmt
ip address 10.4.4.53/23 gateway 10.4.4.1
!
flow flow01
description "--Flow Description--"
network-ports Ethernet1/1,Ethernet2/1
tool-ports port-channel1,Ethernet8/1
rule 1 permit src-ip 10.10.0.0/24 dest-ip 20.0.20.0/24 counters enable
!
pbnoscli# \\Configuring IPv6 rules
pbnoscli# show running-config
configure terminal
port-channel 1 ports Ethernet63/1,Ethernet64/1
!
interface ethernet Ethernet1/1
forward-error-correction rs
type network
!
interface ethernet Ethernet2/1
forward-error-correction rs
type network
!
interface mgmt
ip address 10.4.4.53/23 gateway 10.4.4.1
!
flow flow01
description "--Flow Description--"
network-ports Ethernet1/1,Ethernet2/1
tool-ports port-channel1,Ethernet8/1
rule 1 ipv6 permit src-ip 2401::1 src-netmask f::f dest-ip 2401::2 dest-netmask f::f counters enable
!
pbnoscli# pbnoscli# configure terminal
pbnoscli(config)# flow flow01
pbnoscli(config-flow-flow01)#
! Exit from the current prompt
description Configure description for flow
enable Enable the flow
end Exit to exec prompt
exit Exit from the current prompt
network-ports Configure network or TAP ports
no no form
pop-vlan Pop Vlan Tag
push-vlan-tag Push VLAN tag
rule Configure rule
show Show commands
tool-ports Configure network tool or analyzer ports
top Exit to the configuration prompt
pbnoscli(config-flow-flow01)# rule 1 permit description "UDF" udf-data 0xb166 udf-extraction-group l2 udf-offset 2 counters enable
pbnoscli(config-flow-flow01)# rule 2 permit description "UDF" udf-data 0x4500 udf-extraction-group l3 udf-extraction-point ipv4 udf-offset 0 counters enable
pbnoscli(config-flow-flow01)# endpbnoscli# show flow all
===================================
Flow : flow01 (CLI)
===================================
Status : enable
Network-Port : Ethernet1/1
Tool-Port : Ethernet2/1
Rule : 1
++++++++++++++++++++++++++++++++++
Action : permit
Description : UDF
UDF Data : 0xb166
UDF Extraction Group : l2
UDF Offset : 2
Counters : enable
Rule : 2
++++++++++++++++++++++++++++++++++
Action : permit
Description : UDF
UDF Data : 0x4500
UDF Extraction Group : l3
UDF Extraction Point : ipv4
UDF Offset : 0
Counters : enable
pbnoscli#
pbnoscli# show flow counters all
Flow-Name Rule-Id ASIC-Stat-Id Counter-Value
=============================================================
flow01 2 98304 503378220
flow01 DropRule 73728 4390145
flow01 1 90112 2270112825
pbnoscli# pbnoscli# show running-config
configure terminal
!
interface ethernet Ethernet1/1
forward-error-correction rs
type network
!
interface ethernet Ethernet2/1
forward-error-correction rs
type tool
!
interface mgmt
ip address 10.4.4.53/23 gateway 10.4.4.1
!
flow flow01
network-ports Ethernet1/1
tool-ports Ethernet2/1
rule 1 permit description "UDF" udf-data 0xb166 udf-extraction-group l2 udf-offset 2 counters enable
rule 2 permit description "UDF" udf-data 0x4500 udf-extraction-group l3 udf-extraction-point ipv4 udf-offset 0 counters enable
!
pbnoscli# pbnoscli# configure terminal
pbnoscli(config)# flow flow01
pbnoscli(config-flow-flow01)# push-vlan-tag
<pushvlanid> Add VLAN tag (1...4094)
pbnoscli(config-flow-flow01)# push-vlan-tag 1002
pbnoscli(config-flow-flow01)#
//to remove push tag
pbnoscli(config-flow-flow01)# no push-vlan-tag
pbnoscli(config-flow-flow01)# pbnoscli# show flow flow01
===================================
Flow : flow01 (CLI)
===================================
Status : enable
Network-Port : Ethernet1/1,Ethernet2/1
Tool-Port : Ethernet8/1
Push vlan : enable
pbnoscli# pbnoscli# show running-config
configure terminal
!
interface ethernet Ethernet1/1
forward-error-correction rs
type network
!
interface ethernet Ethernet2/1
forward-error-correction rs
type network
!
interface ethernet Ethernet8/1
forward-error-correction rs
type tool
!
interface mgmt
ip address 10.4.4.53/23 gateway 10.4.4.1
!
flow flow01
network-ports Ethernet1/1,Ethernet2/1
tool-ports Ethernet8/1
push-vlan-tag 1002
!
pbnoscli# pbnoscli# configure terminal
pbnoscli(config)# flow flow01
pbnoscli(config-flow-flow01)# pop-vlan
disable Disable Vlan stripping
enable Enable Vlan stripping
pbnoscli(config-flow-flow01)# pop-vlan enable
pbnoscli(config-flow-flow01)#
//to disable pop-vlan
pbnoscli(config-flow-flow01)# pop-vlan disable
pbnoscli(config-flow-flow01)# pbnoscli# show flow flow01
===================================
Flow : flow01 (CLI)
===================================
Status : enable
Network-Port : Ethernet1/1,Ethernet2/1
Tool-Port : Ethernet8/1
Pop vlan : enable
pbnoscli# pbnoscli# show running-config
configure terminal
!
interface ethernet Ethernet1/1
forward-error-correction rs
type network
!
interface ethernet Ethernet2/1
forward-error-correction rs
type network
!
interface ethernet Ethernet8/1
forward-error-correction rs
type tool
!
interface mgmt
ip address 10.4.4.53/23 gateway 10.4.4.1
!
flow flow01
network-ports Ethernet1/1,Ethernet4/1
tool-ports Ethernet8/1
pop-vlan enable
!
pbnoscli# pbnoscli# show flow counters all rate
Flow-Name Rate (BPS) Rate (PPS)
===============================================================
flow1 0.15 B/s 0.00 P/s
pbnoscli#pbnoscli# show flow all
===================================
Flow : flow01 (CLI)
===================================
Status : enable
Network-Port : Ethernet4/1
Tool-Port : Ethernet8/1
Rule : 1
++++++++++++++++++++++++++++++++++
Action : permit
Source IP : 10.10.0.0
Source Mask : 255.255.255.0
Destination IP : 20.0.20.0
Destination Mask : 255.255.255.0
Counters : enable
Override To : Ethernet12/1
===================================
Flow : flow02 (CLI)
===================================
Status : enable
Network-Port : Ethernet16/1
Tool-Port : Ethernet20/1
Rule : 1
++++++++++++++++++++++++++++++++++
Action : permit
Source IP : 2401::1
Source Mask : f::f
Destination IP : 2401::2
Destination Mask : f::f
TTL : 30
Protocol : tcp
Tosval : 4
Counters : enable
pbnoscli# pbnoscli# show flow flow02 rule 1
===================================
Flow : flow02 (CLI)
===================================
Status : enable
Network-Port : Ethernet16/1
Tool-Port : Ethernet20/1
Rule : 1
++++++++++++++++++++++++++++++++++
Action : permit
Source IP : 2401::1
Source Mask : f::f
Destination IP : 2401::2
Destination Mask : f::f
TTL : 30
Protocol : tcp
Tosval : 4
Counters : enable
pbnoscli# pbnoscli# show flow summary
Flow-Name Rule-Id Status Counter-Value
=========================================================
flow01 1 Active 5643
flow02 1 Active 18236
pbnoscli# pbnoscli# show flow counters all
Flow-Name Rule-Id ASIC-Stat-Id Counter-Value
=============================================================
flow02 1 65536 18236
flow01 1 40960 5643
flow02 DropRule 57344 14
flow01 DropRule 32768 18
pbnoscli# pbnoscli# show flow counters flow01
Flow-Name Rule-Id ASIC-Stat-Id Counter-Value
=============================================================
flow01 1 40960 5643
flow01 DropRule 32768 18
pbnoscli# pbnoscli# configure terminal
pbnoscli(config)# flow flow01
pbnoscli(config-flow-flow01)#
! Exit from the current prompt
description Configure description for flow
enable Enable the flow
end Exit to exec prompt
exit Exit from the current prompt
network-ports Configure network or TAP ports
no no form
pop-vlan Pop Vlan Tag
push-vlan-tag Push VLAN tag
rule Configure rule
show Show commands
tool-ports Configure network tool or analyzer ports
top Exit to the configuration prompt
pbnoscli(config-flow-flow01)# rule 1 permit description "Match Expression"
<cr>
counters Enable counters
dest-ip Destination IP address
dscp Differentiated services code point
ethertype ethernet type, 0x800, 0x8100
gtp GTP Tunneling
l4portdst L4 destination port
l4portsrc L4 source port
match-all Match all
match-expression Flow Rule Qualifiers
protocol IP protocol
src-ip Source IP address
tcpctl TCP Control Flags (maximum value is 0x3f)
tosval Type of Service
ttl Time-to-live
udf-data User Defined Data
vlan Vlan Identifier
pbnoscli(config-flow-flow01)# rule 1 permit description "Match Expression"
pbnoscli(config-flow-flow01)# $Match Expression" match-expression
<matchexpression> Example qualifiers: ethertype, vlan, src-ip, src-netmask,
dest-ip, dest-netmask, protocol, l4portsrc,
l4portdst, tosval, dscp, ttl, tcpctl, tcpctlmask,
teid, inner-sip, inner-dip, inner-protocol,
inner_l4srcport, inner_l4destport
pbnoscli(config-flow-flow01)# $Match Expression" match-expression "vlan 100 src-ip 1.1.1.1/32 dest-ip 2.2.2.2/32 protocol udp inner-sip 10.10.10.1/32 inner-dip 20.20.20.2/32" counters enable
pbnoscli(config-flow-flow01)# endpbnoscli# show flow all
===================================
Flow : flow01 (CLI)
===================================
Status : enable
Network-Port : Ethernet1/1,Ethernet2/1
Tool-Port : port-channel1,Ethernet8/1
Rule : 1
++++++++++++++++++++++++++++++++++
Vlan : 100
Source IP : 1.1.1.1
Source Mask : 255.255.255.255
Destination IP : 2.2.2.2
Destination Mask : 255.255.255.255
Protocol : udp
Inner Source IP : 10.10.10.1
Inner Source Mask : 255.255.255.255
Inner Destination IP : 20.20.20.2
Inner Destination Mask : 255.255.255.255
Action : permit
Description : Match Expression
Counters : enable
pbnoscli#
pbnoscli# show flow counters all
Flow-Name Rule-Id ASIC-Stat-Id Counter-Value
=============================================================
flow01 DropRule 40960 42156085
flow01 1 57344 455049065
pbnoscli#pbnoscli# show running-config
configure terminal
!
interface ethernet Ethernet1/1
forward-error-correction rs
type network
!
interface ethernet Ethernet2/1
forward-error-correction rs
type tool
!
interface mgmt
ip address 10.4.4.53/23 gateway 10.4.4.1
!
port-channel 1 ports Ethernet63/1,Ethernet64/1
flow flow01
network-ports Ethernet16
tool-ports Ethernet20
rule 1 permit description "Match Expression" match-expression "vlan 100 src-ip 1.1.1.1/32 dest-ip 2.2.2.2/32 protocol udp inner-sip 10.10.10.1/32 inner-dip 20.20.20.2/32" counters enable
!
pbnoscli# pbnoscli# configure terminal
pbnoscli(config)# flow flow01
pbnoscli(config-flow-flow01)#
! Exit from the current prompt
description Configure description for flow
enable Enable the flow
end Exit to exec prompt
exit Exit from the current prompt
network-ports Configure network or TAP ports
no no form
pop-vlan Pop Vlan Tag
push-vlan-tag Push VLAN tag
rule Configure rule
show Show commands
tool-ports Configure network tool or analyzer ports
top Exit to the configuration prompt
pbnoscli(config-flow-flow01)# rule 1
action Add rule specific action
deny Deny traffic
permit Permit traffic
pbnoscli(config-flow-flow01)# rule 1 permit
<cr>
counters Enable counters
description Add description within double quotes
dest-ip Destination IP address
dscp Differentiated services code point
ethertype ethernet type, 0x800, 0x8100
gtp GTP Tunneling
l4portdst L4 destination port
l4portsrc L4 source port
match-all Match all
protocol IP protocol
qualifiers Flow Rule Qualifiers
src-ip Source IP address
tcpctl TCP Control Flags
tosval Type of Service
ttl Time-to-live
vlan Vlan Identifier
pbnoscli(config-flow-flow01)# rule 1 permit src-ip 10.10.0.0/24 dest-ip 20.0.20.0/24 counters enable
//to remove a rule
pbnoscli(config-flow-flow01)# no rule 1
pbnoscli(config-flow-flow01)#pbnoscli# show flow summary
Flow-Name Rule-Id Status Counter-Value
=========================================================
flow01 1 Active 1675
pbnoscli#
pbnoscli# show flow flow01
===================================
Flow : flow01 (CLI)
===================================
Status : enable
Network-Port : Ethernet1/1,Ethernet2/1
Tool-Port : port-channel1,Ethernet8/1
Rule : 1
++++++++++++++++++++++++++++++++++
Action : permit
Source IP : 2401::1
Source Mask : f::f
Destination IP : 2401::2
Destination Mask : f::f
Counters : enable
pbnoscli# \\Configuring IPv4 rules
pbnoscli# show running-config
configure terminal
port-channel 1 ports Ethernet63/1,Ethernet64/1
!
interface ethernet Ethernet1/1
forward-error-correction rs
type network
!
interface ethernet Ethernet2/1
forward-error-correction rs
type network
!
interface mgmt
ip address 10.4.4.53/23 gateway 10.4.4.1
!
flow flow01
description "--Flow Description--"
network-ports Ethernet1/1,Ethernet2/1
tool-ports port-channel1,Ethernet8/1
rule 1 permit src-ip 10.10.0.0/24 dest-ip 20.0.20.0/24 counters enable
!
pbnoscli# \\Configuring IPv6 rules
pbnoscli# show running-config
configure terminal
port-channel 1 ports Ethernet63/1,Ethernet64/1
!
interface ethernet Ethernet1/1
forward-error-correction rs
type network
!
interface ethernet Ethernet2/1
forward-error-correction rs
type network
!
interface mgmt
ip address 10.4.4.53/23 gateway 10.4.4.1
!
flow flow01
description "--Flow Description--"
network-ports Ethernet1/1,Ethernet2/1
tool-ports port-channel1,Ethernet8/1
rule 1 permit src-ip 2401::1 src-netmask f::f dest-ip 2401::2 dest-netmask f::f counters enable
!
pbnoscli#