/system/classes/{name},{type}/cfg_entries

post

https://switch-ip/rest/v10.08/system/classes/{name},{type}/cfg_entries

Recent Requests

Time	Status	User Agent
Retrieving recent requests…

Loading…

Path Params

name

string

required

Reference Resource: Class
Name of a Classifier Class (Class).

type

string

enum

required

Reference Resource: Class
Type of a Class.

Allowed:

Body Params

pcp

integer

0 to 7

Priority Code Point matching attribute. PCP match is not supported when class type is gbp*

ecn

integer

0 to 3

Explicit Congestion Notification matching attribute. Explicit Congestion match is not supported when class type is gbp*

tcp_cwr

boolean

TCP CWR flag matching attribute.

ethertype

integer

0 to 65535

Ethernet type matching attribute.

tcp_psh

boolean

TCP PSH flag matching attribute.

src_ip

string

length ≤ 100

Source IP matching attribute: If no IP address is specified, the Class entry will not match on source IP address. The following IPv4 and IPv6 address formats are accepted. IPv4 format (A.B.C.D | A.B.C.D/W.X.Y.Z) IPv6 format (A:B::C:D | A:B::C:D/W:X::Y:Z) Source IP match is not supported when class type is gbp*

icmp_type

integer

0 to 255

ICMP type matching attribute.

tcp_fin

boolean

TCP FIN flag matching attribute.

dst_mac

string

length ≤ 29

Destination MAC matching attribute: Format (AAAA.BBBB.CCCC | AAAA.BBBB.CCCC/XXXX.YYYY.ZZZZ) Destination MAC match is not supported when class type is gbp*

src_mac

string

length ≤ 29

Source MAC matching attribute: Format (AAAA.BBBB.CCCC | AAAA.BBBB.CCCC/XXXX.YYYY.ZZZZ) Source MAC match is not supported when class type is gbp*

dst_role

string

length ≤ 128

Destination role matching attribute.

count

boolean

Class entry attribute count action: when true, increment hit count for packets that match this Class.

tcp_rst

boolean

TCP RST flag matching attribute.

vlan

integer

0 to 4095

VLAN-ID matching attribute. VLAN-ID match is not supported when class type is gbp*

src_l4_port_min

integer

0 to 65535

Minimum L4 port to match on the packet.

tcp_ack

boolean

TCP ACK flag matching attribute.

fragment

boolean

Fragment matching attribute. If not specified, the class entry will not restrict matching to fragmented packets.

src_l4_port_max

integer

0 to 65535

Maximum L4 port to match on the packet.

dst_l4_port_max

integer

0 to 65535

Maximum IP destination port matching attribute: Used in conjunction with dst_l4_port_min and dst_l4_port_range_reverse.

icmp_code

integer

0 to 255

ICMP code matching attribute.

protocol

integer

0 to 255

IPv4 protocol matching attribute.

dscp

integer

0 to 63

Differentiated Services Code Point matching attribute. DSCP match is not supported when class type is gbp*

sequence_number

integer

required

Reference Resource: Class_Entry
Class entries as configured by the user.

src_role

string

length ≤ 128

Source role matching attribute.

tos

integer

0 to 31

IP Type of Service value matching attribute. IP Type of Service match is not supported when class type is gbp*

dst_l4_port_min

integer

0 to 65535

Minimum IP destination port matching attribute: Used in conjunction with dst_l4_port_max and dst_l4_port_range_reverse.

dst_ip

string

length ≤ 100

Destination IP matching attribute: If no IP address is specified, the Class entry will not match on destination IP address. The following IPv4 and IPv6 address formats are accepted. IPv4 format (A.B.C.D | A.B.C.D/W.X.Y.Z) IPv6 format (A:B::C:D | A:B::C:D/W:X::Y:Z) Destination IP match is not supported when class type is gbp*

tcp_established

boolean

Match packets that are in an established state, (ACK or RST flag is set). If not specified, the class entry will not restrict matching to established TCP connections.

type

string

enum

Type of a class entry: 'match': corresponding policy actions will be performed on the matching packets. 'ignore': matching packets will be processed as if no policy was applied.

Allowed:

tcp_ece

boolean

TCP ECE flag matching attribute.

ip_precedence

integer

0 to 7

IP Precedence matching attribute. IP Precedence match is not supported when class type is gbp*

origin

string

enum

Origin of the class-entry, i.e., how the class-entry is provisioned. dynamic: class entry is provisioned dynamically via DUR from Clearpass server or via a NAS-Filter-Rule attribute from a RADIUS server. synthesized: class entry has been dynamically synthesized by the system. static: class entry is provisioned by the administrator via CLI or REST.

Allowed:

tcp_urg

boolean

TCP URG flag matching attribute.

tcp_syn

boolean

TCP SYN flag matching attribute.

comment

string

length ≤ 256

Comment to associate with the specified class entry.

ttl

integer

0 to 255

Time-to-live matching attribute.

Responses

201

Created

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

415

Unsupported Media Type

500

Internal Server Error

501

Not Implemented

503

Service Unavailable

Language

Loading…