10 match ip precedence, 11 match ip tos – Fortinet MR1 User Manual

262

5.12.2.10 match ip precedence

This command adds to the specified class definition a match condition based on the value of
the IP Precedence field in a packet, which is defined as the high-order three bits of the
Service Type octet in the IP header (the low-order five bits are not checked). The precedence
value is an integer from 0 to 7.

Syntax

match ip precedence <0-7>

Note: The ip dscp, ip precedence, and ip tos match conditions are alternative ways to specify
a match criterion for the same Service Type field in the IP header, but with a slightly different
user notation.

Note: To specify a match on all Precedence values, use the match [not] ip tos <tosbits>
<tosmask> command with <tosbits> set to 0 and <tosmask> set to 1F (hex).

Default

None

Command Mode

Class-Map Config

5.12.2.11 match ip tos

This command adds to the specified class definition a match condition based on the value of
the IP TOS field in a packet, which is defined as all eight bits of the Service Type octet in the
IP header.

Syntax

match ip tos <tosbits> <tosmask>

<tosbits> is a two-digit hexadecimal number from 00 to ff.
<tosmask> is a two-digit hexadecimal number from 00 to ff.
The <tosmask> denotes the bit positions in <tosbits> that are used for comparison against
the IP TOS field in a packet. For example, to check for an IP TOS value having bits 7 and 5
set and bit 1 clear, where bit 7 is most significant, use a <tosbits> value of a0 (hex) and a
<tosmask> of a2 (hex).

Note: The ip dscp, ip precedence, and ip tos match conditions are alternative ways to specify
a match criterion for the same Service Type field in the IP header, but with a slightly different
user notation.