This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

B5 and S-Series switch policy profile with multiple rules

B5 and S-Series switch policy profile with multiple rules

Go to solution
GREG_RICHARDSON
New Contributor

‎10-01-2020 02:59 PM

I’m assuming this is possible but I’m not sure how to do it.

For example based on the GTAC guide “How to Block Bonjour traffic with Policy via Command Line Interface” I know how to drop this IPv4 traffic.

I would like to add to this existing rule another rule that drops the IPv6 version of this traffic (or, better yet, simply drop all IPv6 traffic) but I can’t seem to find a clear example of adding to existing rules using the CLI.

Is there a guide to this somewhere?

 

 

 

0 Kudos
1 ACCEPTED SOLUTION

Go to solution
e_steuber
New Contributor II

‎10-02-2020 11:50 AM

Just add the entry to the existing rule

 

set policy profile 1 name DropIPv6

set policy rule 1 ether 0x86dd mask 16 drop

 

Where the ‘1’ in both lines is the Policy Profile Index.

Since the policy rules in one profile are evaluated by precedence there is no ‘line number’ whiel adding a rule to a profile

View solution in original post

0 Kudos
1 REPLY 1

Go to solution
e_steuber
New Contributor II

‎10-02-2020 11:50 AM

Just add the entry to the existing rule

 

set policy profile 1 name DropIPv6

set policy rule 1 ether 0x86dd mask 16 drop

 

Where the ‘1’ in both lines is the Policy Profile Index.

Since the policy rules in one profile are evaluated by precedence there is no ‘line number’ whiel adding a rule to a profile

0 Kudos
GTM-P2G8KFN