228
set diffserv custom-flows name
name
protocol [ TCP | UDP | ICMP | other ]
direction [ outbound | inbound | both ]
start-port [ 0 - 65535 ]
end-port [ 0 - 65535 ]
inside-ip
inside-ip-addr
inside-ip-mask
inside-ip-netmask
outside-ip
outside-ip-addr
outside-ip-mask
outside-ip-netmask
qos [ off | assure | expedite | network-control ]
Defines or edits a custom flow. Select a
name
for the custom-flow from the
set
command.
The CLI will step into the newly-named or previously-defined flow for editing.
•
protocol
– Allows you to choose the IP protocol for the stream:
TCP
,
UDP
,
ICMP
, or
other
.
other
is appropriate for setting up flows on protocols with non-standard port definitions,
for example, IPSEC or PPTP. If you select
other
, an additional field,
numbered-proto-
col
will appear with a range of 0–255. Choose the protocol number from this field.
•
direction
– Allows you to choose whether to apply the marking and gateway queue
behavior for inbound packets, outbound packets, or to both. If the Gateway is used as
an “edge” gateway, its more important function is to mark the packets for high-priority
streams in the outbound direction.
•
start-port
/
end-port
– Allows you to specify a range of ports to check for a particular
flow, if the protocol selection is TCP or UDP.
•
inside-ip/mask
– If you want packets originating from a certain LAN IP address to be
marked, enter the IP address and subnet mask here. If you leave the address equal to
zero, this check is ignored for outbound packets. The check is always ignored for
inbound packets. The DiffServe queuing function must be applied ahead of NAT; and,
before NAT re-maps the inbound packets, all inbound packets are destined for the Gate-
way's WAN IP address.
•
outside-ip/mask
– If you want packets destined for and originating from a certain WAN
IP address to be marked, enter this address and subnet mask here. If you leave the
address equal to zero, the outside address check is ignored. For outbound flows, the
outside address is the destination IP address for the packets. For inbound packets, the
outside address is the source IP address for the packets.
Note:
When setting the Inside/Outside IP Address/Netmask settings, note that a netmask
value can be used to configure for a network rather than a single IP address.