Log in to ask questions, share your expertise, or stay connected to content you value. Don’t have a login? Learn how to become a member.
In this config you will see the original config atr top then where I re inserted it. But my question is with the top config does it matter the hierachal position it is in or will it still work? If I remember rigth there is a hierarchal position it would have to be in and I thought the hogher the value it would need to be placed at top.Can someone confirm this for me please?abrandt@router# show firewall family inet filter fe-3/3/10.0-inet-i term MCAST-BE { from { destination-address { 224.0.0.0/4; } } then { count MCAST-BE.rx-fe-3/3/10.0-inet-i; loss-priority high; forwarding-class VPN-BE; } } term EF_DSCP { from { dscp [ 40 46 ]; } then { count EF.rx-fe-3/3/10.0-inet-i; loss-priority low; forwarding-class EF; } } term EF-DE_DSCP { from { dscp [ 32 34 36 38 ]; } then { count EF-DE.rx-fe-3/3/10.0-inet-i; loss-priority high; forwarding-class EF; } } term AF_DSCP { from { dscp [ 24 26 28 30 48 56 ]; } then { count AF.rx-fe-3/3/10.0-inet-i; loss-priority low; forwarding-class AF; } } term AF-DE_DSCP { from { dscp [ 16 18 20 22 ]; } then { count AF-DE.rx-fe-3/3/10.0-inet-i; loss-priority high; forwarding-class AF; } } term BE-DE_DSCP { from { dscp [ 8 10 12 14 ]; } then { count BE-DE.rx-fe-3/3/10.0-inet-i; loss-priority high; forwarding-class BE; } } term BE { then { count BE.rx-fe-3/3/10.0-inet-i; loss-priority high; forwarding-class VPN-BE; } } term EF_DSCP_BFD { from { dscp 48; } then { count EF-BFD.rx-fe-3/3/10.0-inet-i; loss-priority low; forwarding-class EF; } } [edit firewall family inet filter fe-3/3/10.0-inet-i] abrandt@router# insert term EF_DSCP_BFD before term EF_DSCP [edit firewall family inet filter fe-3/3/10.0-inet-i]abrandt@router# noc1-rw@hr1.hou1# show term MCAST-BE { from { destination-address { 224.0.0.0/4; } } then { count MCAST-BE.rx-fe-3/3/10.0-inet-i; loss-priority high; forwarding-class VPN-BE; } } term EF_DSCP_BFD { from { dscp 48; } then { count EF-BFD.rx-fe-3/3/10.0-inet-i; loss-priority low; forwarding-class EF; } } term EF_DSCP { from { dscp [ 40 46 ]; } then { count EF.rx-fe-3/3/10.0-inet-i; loss-priority low; forwarding-class EF; } } term EF-DE_DSCP { from { dscp [ 32 34 36 38 ]; } then { count EF-DE.rx-fe-3/3/10.0-inet-i; loss-priority high; forwarding-class EF; } } term AF_DSCP { from { dscp [ 24 26 28 30 48 56 ]; } then { count AF.rx-fe-3/3/10.0-inet-i; loss-priority low; forwarding-class AF; } } term AF-DE_DSCP { from { dscp [ 16 18 20 22 ]; } then { count AF-DE.rx-fe-3/3/10.0-inet-i; loss-priority high; forwarding-class AF; } } term BE-DE_DSCP { from { dscp [ 8 10 12 14 ]; } then { count BE-DE.rx-fe-3/3/10.0-inet-i; loss-priority high; forwarding-class BE; } } term BE { then { count BE.rx-fe-3/3/10.0-inet-i; loss-priority high; forwarding-class VPN-BE; } }
So the answer is it doesnt really matter the order they are in. It will just start from the top to bottom and will match if there is an instance till the filter completes.
I thought I had seen somewhere that they had to be checked in a certain order..
Ahh I totally understand now.. Thank you for your information it really helped..