/system/classes/{Class.name},{Class.type}/cfg_entries

post

https://switch-ip/rest/v10.16/system/classes/{Class.name},{Class.type}/cfg_entries

Path Params

Class.name

string

required

Reference Resource: Class
Name of a Classifier Class (Class).

Class.type

string

enum

required

Reference Resource: Class
Type of a Class.

Allowed:

Body Params

comment

string

length ≤ 256

Comment to associate with the specified class entry. This column value can be empty.

count

boolean

Class entry attribute count action: when true, increment hit count for packets that match this Class.

dscp

integer

0 to 63

Differentiated Services Code Point matching attribute. An empty column value indicates that this qualifier will not be used to match packets. DSCP match is not supported when class type is gbp*

dst_ip

string

length between 7 and 79

Destination IP matching attribute: If no IP address is specified, the Class entry will not match on destination IP address. The following IPv4 and IPv6 address formats are accepted. IPv4 format (A.B.C.D/W.X.Y.Z) IPv6 format (A:B::C:D/W:X::Y:Z) If an invalid format is used via REST, it will be accepted. Verify configurations are valid by checking for error log messages and configuration warnings in CLI. An empty column value indicates that this qualifier will not be used to match packets. Destination IP match is not supported when class type is gbp*

dst_l4_port_max

integer

0 to 65535

Maximum IP destination port matching attribute: Used in conjunction with dst_l4_port_min and dst_l4_port_range_reverse. An empty column value indicates that this qualifier will not be used to match packets.

dst_l4_port_min

integer

0 to 65535

Minimum IP destination port matching attribute: Used in conjunction with dst_l4_port_max and dst_l4_port_range_reverse. An empty column value indicates that this qualifier will not be used to match packets.

dst_mac

string

length between 1 and 29

Destination MAC matching attribute: AAAA.BBBB.CCCC/XXXX.YYYY.ZZZZ If an invalid format is used via REST, it will be accepted. Verify configurations are valid by checking for error log messages and configuration warnings in CLI. An empty column value indicates that this qualifier will not be used to match packets. Destination MAC match is not supported when class type is gbp*

dst_role

string

length ≤ 128

Destination role matching attribute. An empty column value indicates that this qualifier will not be used to match packets.

ecn

integer

0 to 3

Explicit Congestion Notification matching attribute. An empty column value indicates that this qualifier will not be used to match packets. Explicit Congestion match is not supported when class type is gbp*

ethertype

integer

0 to 65535

Ethernet type matching attribute. An empty column value indicates that this qualifier will not be used to match packets.

fragment

boolean

Fragment matching attribute. If not specified, the class entry will not restrict matching to fragmented packets.

icmp_code

integer

0 to 255

ICMP code matching attribute. An empty column value indicates that this qualifier will not be used to match packets.

icmp_type

integer

0 to 255

ICMP type matching attribute. An empty column value indicates that this qualifier will not be used to match packets.

ip_precedence

integer

0 to 7

IP Precedence matching attribute. An empty column value indicates that this qualifier will not be used to match packets. IP Precedence match is not supported when class type is gbp*

origin

string

enum

Origin of the class-entry, i.e., how the class-entry is provisioned. dynamic: class entry is provisioned dynamically via DUR from Clearpass server or via a NAS-Filter-Rule attribute from a RADIUS server. synthesized: class entry has been dynamically synthesized by the system. static: class entry is provisioned by the administrator via CLI or REST.

Allowed:

pcp

integer

0 to 7

Priority Code Point matching attribute. An empty column value indicates that this qualifier will not be used to match packets. PCP match is not supported when class type is gbp*

protocol

integer

0 to 255

IPv4 protocol matching attribute. An empty column value indicates that this qualifier will not be used to match packets.

sequence_number

integer

required

Reference Resource: Class_Entry
Class entries as configured by the user. An empty column value indicates that no match criteria is specified for this list.

src_ip

string

length between 7 and 79

Source IP matching attribute: If no IP address is specified, the Class entry will not match on source IP address. The following IPv4 and IPv6 address formats are accepted. IPv4 format (A.B.C.D/W.X.Y.Z) IPv6 format (A:B::C:D/W:X::Y:Z) If an invalid format is used via REST, it will be accepted. Verify configurations are valid by checking for error log messages and configuration warnings in CLI. An empty column value indicates that this qualifier will not be used to match packets. Source IP match is not supported when class type is gbp*

src_l4_port_max

integer

0 to 65535

Maximum L4 port to match on the packet. An empty column value indicates that this qualifier will not be used to match packets.

src_l4_port_min

integer

0 to 65535

Minimum L4 port to match on the packet. An empty column value indicates that this qualifier will not be used to match packets.

src_mac

string

length between 1 and 29

Source MAC matching attribute: AAAA.BBBB.CCCC/XXXX.YYYY.ZZZZ If an invalid format is used via REST, it will be accepted. Verify configurations are valid by checking for error log messages and configuration warnings in CLI. An empty column value indicates that this qualifier will not be used to match packets. Source MAC match is not supported when class type is gbp*

src_role

string

length ≤ 128

Source role matching attribute. An empty column value indicates that this qualifier will not be used to match packets.

tcp_ack

boolean

TCP ACK flag matching attribute.

tcp_cwr

boolean

TCP CWR flag matching attribute.

tcp_ece

boolean

TCP ECE flag matching attribute.

tcp_established

boolean

Match packets that are in an established state, (ACK or RST flag is set). If not specified, the class entry will not restrict matching to established TCP connections.

tcp_fin

boolean

TCP FIN flag matching attribute.

tcp_psh

boolean

TCP PSH flag matching attribute.

tcp_rst

boolean

TCP RST flag matching attribute.

tcp_syn

boolean

TCP SYN flag matching attribute.

tcp_urg

boolean

TCP URG flag matching attribute.

tos

integer

0 to 31

IP Type of Service value matching attribute. An empty column value indicates that this qualifier will not be used to match packets. IP Type of Service match is not supported when class type is gbp*

ttl

integer

0 to 255

Time-to-live matching attribute. An empty column value indicates that this qualifier will not be used to match packets.

type

string

enum

Type of a class entry: 'match': corresponding policy actions will be performed on the matching packets. 'ignore': matching packets will be processed as if no policy was applied. An empty column value indicates that this qualifier will not be used to match packets.

Allowed:

vlan

integer

1 to 4094

VLAN-ID matching attribute. An empty column value indicates that this qualifier will not be used to match packets. VLAN-ID match is not supported when class type is gbp*

Responses

201

Created

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

415

Unsupported Media Type

500

Internal Server Error

501

Not Implemented

503

Service Unavailable

Language

Response

Click Try It! to start a request and see the response here!