Solved

B5 and S-Series switch policy profile with multiple rules

  • 1 October 2020
  • 1 reply
  • 33 views

I’m assuming this is possible but I’m not sure how to do it.

For example based on the GTAC guide “How to Block Bonjour traffic with Policy via Command Line Interface” I know how to drop this IPv4 traffic.

I would like to add to this existing rule another rule that drops the IPv6 version of this traffic (or, better yet, simply drop all IPv6 traffic) but I can’t seem to find a clear example of adding to existing rules using the CLI.

Is there a guide to this somewhere?

 

 

 

icon

Best answer by e.steuber 2 October 2020, 13:50

Just add the entry to the existing rule

 

set policy profile 1 name DropIPv6

set policy rule 1 ether 0x86dd mask 16 drop

 

Where the ‘1’ in both lines is the Policy Profile Index.

Since the policy rules in one profile are evaluated by precedence there is no ‘line number’ whiel adding a rule to a profile

View original

1 reply

Just add the entry to the existing rule

 

set policy profile 1 name DropIPv6

set policy rule 1 ether 0x86dd mask 16 drop

 

Where the ‘1’ in both lines is the Policy Profile Index.

Since the policy rules in one profile are evaluated by precedence there is no ‘line number’ whiel adding a rule to a profile

Reply