Set Condition
The Expert Mode Set Condition Screen contains a list of Conditions that you can configure for the Policy (e.g., Interface Condition, MAC Condition). When you create a Condition, the Condition(s) you configure must be true before traffic is allowed to flow. Click on a Condition to display the configuration options for the Condition. (Click again on the Condition to close the configuration options.) When you have completed all of the parameters for the Condition(s), click the Next button at the bottom of the screen or click on Set Action on the left side of the screen to move to the next step. If necessary, you can also click the Back button to return to the screen.
Conditions
A brief description of each Condition is provided below. Click the hyperlink for each Condition for detailed configuration instructions.
- L1 Interfaces - Create a Condition that applies the policy to traffic flowing from a specific source interface type or to traffic flowing to a specific destination interface type.
- L2 MACs - Create a Condition that applies the policy to traffic originating from a MAC address/group or to traffic flowing to a MAC address/group. (Note that any MAC address may contain wildcard characters).
- L2 VLANs - Create a Condition that applies the policy to traffic flowing from a source VLAN to a destination VLAN, or to traffic flowing from one source VLAN to any destination VLAN, or to traffic flowing from any source VLAN to one destination VLAN.
- L2 802.1P - Create a Condition that applies the policy to traffic with a specified 802.1 priority value.
- L3 IPs - Create a Condition that applies the policy to traffic originating from an IP address/network group or to traffic flowing to an IP address/network group. (Note that any IP address can be masked).
- L3 DSCP/TOS - Create a Condition that applies the policy to traffic with a specified value in either the DSCP (Differentiated Services Code Point) byte or in the IP TOS (IP Type of Service) byte. Both DSCP and IP TOS are mechanisms used to convey QoS information in the IP header of frames.
- L3 TCP Flags - Create a Condition that applies the policy to traffic based on TCP values.
- L4 Services - Create a Condition that applies the policy to traffic flowing between two TCP or UDP ports, or to all traffic originating from a TCP or UDP port, or to all traffic flowing to a TCP or UDP port. You can also create a Condition using an existing service/service group.
- L7 Applications - Create a Condition that applies the policy to traffic associated with a specific Application Group.
- Application Visibility - Create a condition that applies the policy to traffic associated with a specific Application Group. Application Name Conditions are not supported at this time.
- VXLAN - Create a VM Snooping Condition that applies to incoming VXLAN packets.
Note: Please refer to the switch Release Notes for information on the specific QoS functions available on various platforms and combinations of hardware/firmware.
L1 Interfaces
An Interface Condition applies the Policy to traffic flowing from/to an interface type. Select the parameter(s) you want to configure by selecting the applicable checkbox, then select an option from the drop-down menu.
- Source Interface - Selecting a Source Interface type restricts the policy to a traffic type that flows from that interface type only. If you do not select this option, you are effectively stating that the source traffic type is not a criterion for the Policy.
- Destination Interface - Selecting a Destination Interface restricts the policy to a traffic type that flows to that interface type only. If you do not select this option, you are effectively stating that the destination traffic type is not a criterion for the policy.
- Other Type - Entering an Ethernet Type restricts the policy to this type of Ethernet traffic. If you do not select this option, you are effectively stating that the Ethernet type is not a criterion for the policy.
L2 MACs
A MAC Condition applies the Policy to traffic flowing from/to a MAC Address/Group. Note that Layer 2 Conditions (conditions that specify MAC Addresses) are "lost" when traffic passes through a router. For this reason, it may be advisable to specify other types of Conditions (such as a Layer 3 Condition, which specifies IP Addresses) when traffic is expected to travel more than one router hop.
Select the parameter(s) you want to configure by selecting the applicable checkbox. Click on Single to configure a single MAC Address or Group to configure a MAC Group, then enter a MAC address or select a MAC Group from the drop-down menu. (You can also click the Add icon to go to the Groups application and create a new MAC Group.)
- Source MAC Address/MAC Group - Configuring a Source MAC Address/Group Condition restricts the policy to traffic that flows from this MAC Address/Group only. If you do not select this option, you are effectively stating that the Source MAC Address/Group traffic is not a criterion for the policy.
- Destination MAC Address/MAC Group - Configuring a Destination MAC Address/Group Condition restricts the policy to traffic that flows to this MAC Address/Group only. If you do not select this option, you are effectively stating that the Destination MAC Address/Group traffic is not a criterion for the policy.
Notes:
- Conditions that specify both a source and a destination MAC address may be rejected by some switch platforms as invalid. However, if you wish to create policies for both source and destination traffic, you can create one policy for the source traffic and a second policy for the destination traffic.
- MAC addresses may contain the wildcard character *. However, one * character must be entered for each individual hex digit in the MAC address: for example, 00435C:******, not 00435C:*.
- The following MAC address ranges are assigned to Alcatel-Lucent Enterprise voice devices and Alcatel-Lucent Enterprise IP phones. You can create Conditions specifying these address ranges using the MAC Address tab.
  - Voice Devices
    - 00809F3A0000 - 00809F3AFFFF
    - 00809F3B0000 - 00809F3BFFFF
    - 00809F3C0000 - 00809F3CFFFF
  - IP Phones
    - 00809F3D0000 - 00809F3DFFFF
  - Multi-Media Devices
    - 00809F3E0000 - 00809F3EFFFF
    - 00809F3F0000 - 00809F3FFFFF
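The wildcard rule in the notes above, as an added Python example (not part of the original documentation or the product's code): it checks that a pattern carries one hex digit or * per position, matches an address against it, and collapses an address range into a single wildcard pattern when the range falls on hex-digit boundaries. The function names and the stripping of ":", "-" and "." separators are assumptions of this example.

```python
import re

HEX_OR_STAR = re.compile(r"[0-9A-Fa-f*]{12}")

def normalize(pattern):
    """Strip separators; require a hex digit or '*' in each of the 12 positions."""
    digits = re.sub(r"[:.\-]", "", pattern)  # separator handling is an assumption
    if not HEX_OR_STAR.fullmatch(digits):
        raise ValueError(f"need 12 hex digits or '*' characters, got {pattern!r}")
    return digits.upper()

def mac_matches(pattern, mac):
    """True if mac matches pattern, where '*' stands for exactly one hex digit."""
    p, m = normalize(pattern), normalize(mac)
    if "*" in m:
        raise ValueError("the address being tested must be fully specified")
    return all(pc in ("*", mc) for pc, mc in zip(p, m))

def range_to_pattern(low, high):
    """Express an inclusive MAC range as one wildcard pattern, or return None
    when the range is not aligned to hex digits (several patterns are needed)."""
    lo, hi = normalize(low), normalize(high)
    if "*" in lo or "*" in hi:
        raise ValueError("range bounds must be fully specified")
    i = 0
    while i < 12 and lo[i] == hi[i]:
        i += 1                               # length of the shared prefix
    if lo[i:] == "0" * (12 - i) and hi[i:] == "F" * (12 - i):
        return lo[:i] + "*" * (12 - i)
    return None

if __name__ == "__main__":
    # The first Voice Devices range from the list above
    print(range_to_pattern("00809F3A0000", "00809F3AFFFF"))
    # A constructed test address against the page's example pattern
    print(mac_matches("00435C:******", "00:43:5C:12:AB:9F"))
```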
L2 VLANs
A VLAN Condition applies the Policy to traffic flowing from/to a VLAN/VLAN Group. You can also create an Inner Source VLAN Condition for a stacked VLAN network, and a Condition based on Virtual Routing and Forwarding (VRF) name (OS10K).
Select the parameter(s) you want to configure by selecting the applicable checkbox. For VLANs/VLAN Groups, click on Single to configure a single VLAN or Group to configure a VLAN Group, then enter a VLAN or select a VLAN Group from the drop-down menu. (You can also click the Add icon to go to the Groups application and create a new VLAN Group.)
- Source VLAN/VLAN Group - Configuring a Source VLAN/VLAN Group Condition restricts the policy to traffic that flows from this VLAN/VLAN Group only. If you do not select this option, you are effectively stating that the Source VLAN/VLAN Group traffic is not a criterion for the policy.
- Destination VLAN/VLAN Group - Configuring a Destination VLAN/VLAN Group Condition restricts the policy to traffic that flows to this VLAN/VLAN Group only. If you do not select this option, you are effectively stating that the Destination VLAN/VLAN Group traffic is not a criterion for the policy.
- Inner Source VLAN - An Inner Source VLAN Condition is applied to double-tagged VLAN Stacking traffic and is used to classify such traffic based on the inner VLAN ID tag, also known as the customer VLAN ID. Configuring an Inner Source VLAN Condition restricts the policy rule to all double-tagged traffic for that VLAN. If you do not select this option, you are effectively stating that the Inner Source VLAN traffic is not a criterion for the policy.
- VRF Name - Configuring a VRF Name Condition restricts the policy to traffic that flows to this VRF only. If you do not select this option, you are effectively stating that VRF traffic is not a criterion for the policy. Note that by default, QoS Policy Conditions are not associated with any specific VRF instance. The Policy applies across all instances.
L2 802.1P
An 802.1P Condition applies the Policy to traffic that has a specified 802.1 priority value in the header of the frame. 802.1p is the IEEE extension of 802.1d and is a standard for the use of MAC-layer bridges in filtering and expediting multicast traffic. 802.1p prioritizes traffic through the insertion of a three-bit priority value into the header of the frame. An 802.1 priority value of 7 provides the highest priority, and an 802.1 priority value of 0 provides the lowest priority. Select the parameter(s) you want to configure by selecting the applicable checkbox, then enter a priority value.
- 802.1 Priority Level - Set the field to the desired priority value (0-7). This will restrict the policy to incoming traffic that has that 802.1 Priority value in the frame header. A value of 7 provides the highest priority and a value of 0 provides the lowest priority. If you do not select this option, you are effectively stating that the 802.1P Priority Level is not a criterion for the Policy.
- Inner 802.1 Priority Level - Set the field to the desired priority value (0-7). This will restrict the policy to incoming traffic that has that Inner 802.1 Priority value in the frame header. A value of 7 provides the highest priority and a value of 0 provides the lowest priority. If you do not select this option, you are effectively stating that the Inner 802.1P Priority Level is not a criterion for the Policy.
Note: Please refer to the Switch Release Notes for information on the specific QoS functions available on various platforms and combinations of hardware/firmware. Also note that if an 802.1p value is specified, a DSCP value or a ToS value may not be specified. This restriction does not apply to the OmniSwitch 6800 series switches.
L3 IPs
An IP Condition applies the Policy to traffic originating from, or flowing to, an IP Address/Network group. Any IP Address can be masked. Note that a Condition that specifies both a Source and Destination IP Address/Network Group will be rejected by the switch as invalid. However, if you wish to create policies for both Source and Destination traffic, you can create one policy for the Source traffic and a second policy for the Destination traffic.
Select the parameter(s) you want to configure by selecting the applicable checkbox. For Source/Destination IP Address, click on Single to configure a single IP Address (and Shorthand or Subnet Mask, if applicable), or click on Group to configure a Network Group, then enter an IP Address or select a Network Group from the drop-down menu. (You can also click the Add icon to go to the Groups application and create a new Network Group.)
- Fragment - Select this checkbox to restrict the policy to TCP packet fragments.
- Source IP Address/Network Group - Configuring a Source IP Address/Network Group Condition restricts the policy to traffic that flows from this IP Address or Subnet Mask/Network Group only. If you do not select this option, you are effectively stating that the Source IP Address or Subnet Mask/Network Group traffic is not a criterion for the policy.
- Destination IP Address/Network Group - Configuring a Destination IP Address/Network Group Condition restricts the policy to traffic that flows to this IP Address/Network Group only. If you do not select this option, you are effectively stating that the Destination IP Address or Subnet Mask/Network Group traffic is not a criterion for the policy.
- Multicast IP Address Range - Configuring a Multicast IP Address/Group Condition restricts the policy to traffic that flows to this IP Multicast Address Group only. If you do not select this option, you are effectively stating that the Destination IP Multicast Address or Subnet Mask/Group traffic is not a criterion for the policy.
Note: When configuring an IP Address Condition, you can also click either the Shorthand Mask or Subnet Mask button to configure a Subnet Mask. If you are using a Shorthand Mask, select a value from the Shorthand Mask drop-down list. If you are using a full Subnet Mask, enter the mask in the IP Subnet Mask field. Note that the * wildcard character is not allowed in IP addresses.
Important Note: When creating an IP Condition for a NAT Action you must specify a Network Group in the Condition. NAT will only work when both the Condition and Action specify network groups. To create a "One-to-Many" Condition and action, create a Network Group with a single entry for the Condition.
L3 DSCP/TOS
A DSCP/TOS Condition applies the Policy to incoming traffic that has a specified value in either the DSCP (Differentiated Services Code Point) byte or in the TOS (Type of Service) byte. Both DSCP and TOS are mechanisms used to convey QoS information in the IP header of frames. DSCP and TOS are mutually exclusive - you can use either DSCP or TOS but not both. Click on the applicable button (DSCP or TOS) and enter a value.
- DSCP - Defines the QoS treatment a frame is to receive from each network device. This is referred to as per-hop behavior. If you are using DSCP, you can define any value in the range 0 - 63 as the DSCP value in the IP header of the frame. Traffic that contains this value will match this condition.
- TOS - A TOS value creates a condition that applies the policy to traffic that has the specified TOS value in the IP header of frames. Enter any value from 0 - 7 to specify the value of the precedence field in the TOS byte that will match this condition. A value of 7 has the highest precedence and a value of 0 has the lowest.
Note: Please refer to the Switch Release Notes for information on the specific QoS functions available on various current platforms and combinations of hardware/firmware.
L3 TCP Flags
A TCP Flags Condition applies the Policy to traffic based on TCP values. Typically, the TCP Flags Policy Condition is used in combination with Source IP, Destination IP, Source Port, Destination Port, Source TCP Port, or Destination TCP Port conditions. Note that even though a TCP Flag condition can be used with most action parameters, it is mainly intended for ACL use. Select the parameter(s) you want to configure by selecting the applicable checkbox, then configure the parameter(s) as described below.
- Match Established TCP Sessions
  - On - Apply the policy to traffic in an established TCP session.
  - Off - Do not apply the policy to traffic in an established TCP session.
- Modify The Way TCP Flags Are Matched
  - All - Apply the policy to traffic that matches all of the TCP Flags configured in the TCP Flag Bits fields.
  - Any - Apply the policy to traffic that matches any of the TCP Flags configured in the TCP Flag Bits fields.
- Match TCP Flags Bits
  - Mask Bits - Enter one or more TCP Flags after the any or all keyword to indicate that the value of the flag bit must be set to one to qualify as a match.
  - Match Bits - Enter one or more TCP Flags to indicate which TCP Flags to match. If a TCP Flag is specified as part of the mask but does not have a corresponding match, a value of zero is assumed as the match value.
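One reading of the All/Any and Mask Bits/Match Bits rules above, as an added Python example (not the switch's implementation): the mask selects which flags are examined, the match flags must be 1, and masked flags without a match entry must be 0. The flag names, the function names and the rejection of match flags that are missing from the mask are assumptions of this example.

```python
# Bit positions of the flags in the TCP header flags byte
FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08,
         "ACK": 0x10, "URG": 0x20, "ECE": 0x40, "CWR": 0x80}

def to_bits(names):
    """Combine flag names into one bit field."""
    bits = 0
    for name in names:
        bits |= FLAGS[name.upper()]
    return bits

def tcp_flags_match(packet_flags, mode, match, mask):
    """Evaluate a TCP Flags condition against a packet's flags byte.

    mask  - flags that are examined
    match - examined flags that must be 1; the other masked flags must be 0
    mode  - "all": every masked flag has its expected value
            "any": at least one masked flag has its expected value
    """
    mask_bits, match_bits = to_bits(mask), to_bits(match)
    if match_bits & ~mask_bits:
        # Assumption of this example: a match flag outside the mask is an error
        raise ValueError("every match flag must also appear in the mask")
    # Masked bits where the packet agrees with the expected value
    agree = ~(packet_flags ^ match_bits) & mask_bits
    if mode == "all":
        return agree == mask_bits
    if mode == "any":
        return agree != 0
    raise ValueError("mode must be 'all' or 'any'")

if __name__ == "__main__":
    # Constructed flag bytes: initial SYN, SYN-ACK reply, bare ACK, no flags
    samples = {"SYN": 0x02, "SYN-ACK": 0x12, "ACK": 0x10, "none": 0x00}
    for label, flags in samples.items():
        for mode in ("all", "any"):
            hit = tcp_flags_match(flags, mode, match=["SYN"], mask=["SYN", "ACK"])
            print(f"{label:8} {mode}: {hit}")
```

With match SYN and mask SYN, ACK, "all" selects only the initial SYN of a connection. Under "any" the same settings also select a segment with no flags set, because the implied ACK=0 is satisfied on its own, which is worth checking before using "any" in an ACL.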
L4 Services
A Service Condition applies the policy to Service Protocol traffic (TCP or UDP) flowing from/to two TCP or UDP ports, or to traffic flowing from/to a TCP or UDP Service or Service Group. Select a type of Service Condition you want to configure, then configure the parameter(s) as described below.
- Protocol Only - Select TCP or UDP to create a condition for a Service Protocol only.
- Port(s) - To configure the Condition for a specific Service Port, select a Source and Destination Port from the drop-down menu to specify a specific port for the service you selected. You can also click on the Add icon to go to the Groups application and create new Service Ports.
- Service - Select a Service from the drop-down menu. You can also click on the Add icon to go to the Groups application and create a new Service.
- Service Group - Select a Service Group from the drop-down menu. You can also click on the Add icon to go to the Groups application and create a new Service Group.
L7 Applications
An Application Condition is used to create a SIP Condition that applies to SIP traffic. To create a SIP Condition, select the checkbox and select a Media Type for the Condition (Voice / Video / Other). Selecting a Media Type restricts the policy to that type of SIP traffic.
Application Visibility
An Application Visibility Condition applies the policy to traffic associated with a specific Application Group. Click on the App Group button and select an Application Group from the drop-down menu.
Note: App Name Conditions are not supported at this time.
VXLAN
A VXLAN Condition creates a VM Snooping Condition that applies to incoming VXLAN packets. VXLAN policy conditions are used to filter VXLAN packets received on VM Snooping ports. VM Snooping must be enabled on a port, and at least one parameter must be configured for a condition.
- VXLAN VNI - The VXLAN Network Identifier (VNI). This parameter is required to configure a VM Snooping policy condition. The VXLAN header contains the VNI that is associated with the source MAC address of the Ethernet frame that is encapsulated in a VXLAN packet. The VNI represents the VXLAN segment ID to which the packet belongs.
- MAC Address - The source MAC address of the VXLAN packet (source MAC address of the inner Ethernet frame of the encapsulated VXLAN packet).
- MAC Mask - The VXLAN Source MAC mask.
- IP Address - The source IP address of the packet (source IP address of the inner Ethernet frame of the encapsulated VXLAN packet). You can specify an IPv4 address/mask or an IPv6 address.
- VXLAN Port - The UDP destination port number. This number is found in the outer IP header of an encapsulated VXLAN packet. (Range = 0 - 65535, Default = 4789)
- IP Protocol - The IP protocol number (IP protocol of the inner Ethernet frame of an encapsulated VXLAN packet). (Range = 0 - 255)
- L4 Source Port - The Layer 4 (UDP or TCP) source port (Layer 4 port of the inner Ethernet frame of an encapsulated VXLAN packet). (Range = 0 - 65535)
- L4 Destination Port - The Layer 4 (UDP or TCP) destination port (Layer 4 port of the inner Ethernet frame of an encapsulated VXLAN packet). (Range = 0 - 65535)
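To show where each VXLAN Condition parameter sits in an encapsulated packet, here is an added Python example (not part of the original documentation or the switch's code) that parses a packet from the outer UDP header onward and tests it against a condition. The packet is constructed sample data, the function and key names are hypothetical, and MAC Mask, IP masks and IPv6 are left out to keep it to one case.

```python
import ipaddress
import struct

def parse_vxlan(udp_datagram):
    """Extract the fields a VXLAN Condition tests, starting at the outer UDP header."""
    _sport, dport, _length, _csum = struct.unpack_from("!HHHH", udp_datagram, 0)
    flags, vni_word = struct.unpack_from("!B3xI", udp_datagram, 8)
    if not flags & 0x08:
        raise ValueError("VXLAN I flag not set, so the VNI field is not valid")
    inner = udp_datagram[16:]                      # inner Ethernet frame
    fields = {"vxlan_port": dport,                 # outer UDP destination port
              "vni": vni_word >> 8,                # 24-bit VNI, low byte reserved
              "mac": inner[6:12].hex()}            # inner source MAC
    if struct.unpack_from("!H", inner, 12)[0] == 0x0800:   # inner IPv4
        ip = inner[14:]
        header_len = (ip[0] & 0x0F) * 4
        fields["ip"] = str(ipaddress.IPv4Address(ip[12:16]))
        fields["ip_protocol"] = ip[9]
        if ip[9] in (6, 17):                       # TCP or UDP carry ports
            fields["l4_src"], fields["l4_dst"] = struct.unpack_from("!HH", ip, header_len)
    return fields

def condition_matches(cond, fields):
    """VNI is required; every other parameter present in cond must equal the packet's value."""
    if "vni" not in cond:
        raise ValueError("VXLAN VNI is required for a VXLAN condition")
    return all(fields.get(key) == value for key, value in cond.items())

def build_sample():
    """Constructed sample: outer UDP + VXLAN (VNI 5001) + inner Ethernet/IPv4/TCP."""
    inner_tcp = struct.pack("!HH", 49152, 443) + bytes(16)
    inner_ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                           ipaddress.IPv4Address("10.1.1.10").packed,
                           ipaddress.IPv4Address("10.1.1.20").packed)
    inner_eth = bytes.fromhex("020000000002" "020000000001" "0800")
    vxlan = struct.pack("!B3xI", 0x08, 5001 << 8)
    payload = vxlan + inner_eth + inner_ip + inner_tcp
    return struct.pack("!HHHH", 54321, 4789, 8 + len(payload), 0) + payload

if __name__ == "__main__":
    packet_fields = parse_vxlan(build_sample())
    print(packet_fields)
    print(condition_matches({"vni": 5001, "ip_protocol": 6, "l4_dst": 443}, packet_fields))
```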