The set firewall filter copp sequence from protocol command configures a firewall filter rule based on the protocol type for traffic classification.


Command Syntax

set firewall filter copp sequence <number> from protocol [icmp | igmp | ip | ospf | others <protocol-number> | udp | tcp]


Parameter

Parameter

Description

sequence <number>

Specifies filter sequence number. The value is an integer that ranges from 0 to 9999.

The 15 integers 10, 20, 30, 40, 50, 60, 70, 80, 90, 100, 110, 120, 130, 140, 150 are not allowed to be used for sequence numbers in user-defined CoPP firewall filter rules.

protocol [icmp | igmp | ip | ospf | others <protocol-number> | udp | tcp]

Specifies a protocol name or a protocol number.

Protocol name could be icmp, igmp, ip, ospf, udp or tcp.

Protocol number is an integer that ranges from 0 to 255. For example, 8 for EGP, 9 for IGP, 47 for GRE, 88 for EIGRP, 103 for PIM, and 112 for VRRP.

 

Usage Guidelines

You can run the set firewall filter copp sequence from protocol command to configure a firewall filter rule based on the protocol type for traffic classification so that the device processes packets matching the same firewall filter rule in the same manner.

BPDU, LLDP, LACP and ARP cannot be classified through the protocol field, as they are not an IP protocol. You can classify these protocol packets in other matching fields, such as destination-mac-address, destination-port and ether-type.

NOTE:

set firewall filter copp sequence from protocol icmp and set firewall filter copp sequence from protocol igmp commands configure the firewall filter rules based on the ICMP or IGMP protocol type for only IPv4 traffic classification. To configure the firewall filter rule based on the ICMP or IGMP protocol type for IPv6 traffic classification, use the set firewall filter copp sequence from protocol others command with the protocol number.


 

Example

• Configure a firewall filter rule based on ICMP protocol.

admin@XorPlus# set firewall filter copp sequence 51 from icmp
admin@XorPlus# commit