数据层面的控制
PHDF:protocol header data file先把Phdf load进路由器,用命令loadflash:icmp.phdf
例某phdf文件为:icmp.phdf
<?xml version="1.0" encoding="utf-8"?>
<phdf>
<version>1</version>
<protocol name="icmp" description="ICMP-Protocol">
<field name="type" description="ICMP-Message-Type">
<offset type="fixed-offset" units="bits">0</offset> //type字段从第0bit开始
<length type="fixed" units="bits">8</length></field> //占8个字节
<field name="code" description="ICMP-Message-Code">
<offset type="fixed-offset" units="bits">8</offset> //code字段从第8bit开始
<length type="fixed" units="bits">8</length> //占8个字节
</field>
<field name="checksum" description="ICMP-Checksum">
<offset type="fixed-offset" units="bits">16</offset>
<length type="fixed" units="bits">16</length> </field>
<field name="payload-start" description="ICMP-Payload-Start">
<offset type="fixed-offset" units="bytes">4</offset>
<length type="fixed" units="bytes">0</length>
</field>
<headerlength type="fixed" value="4"></headerlength>
</protocol>
</phdf>
分四步实施:
1.load phdf
2.建立traffic class
3.建立traffic policy
4.把service policy应用在接口上
class-map type stack定义具体的协议
class-map type access-control定义stack里定义的协议里具体的内容
policy-map type access-control给定义的所有class实施行为,可以嵌套,Policy-map里的行为可是另一个Policy-map定义的嵌套
最后把service-policy type access-control应用在接口下
showprotocols phdp ip/udp/tcp
Thanks for your information.
页:
[1]