General Tab (Service)

For Automated services, use the service General tab to define settings for the service. For Manual services, use this tab to enter a description of the service. For more information on services, see How to Create a Service. To access this tab, select a service in the left-panel Services tab and click the General tab in the right panel. The General tab for an Automated service is shown below.

Click the graphic for more information.

Traffic Description Name Rule Type Network Resources Actions Class of Service Access Control Generate System Log Generate Audit Trap Disable Port TCI Overwrite Traffic Mirror Description General Tab (Service

Name
Name of the selected service.
Description
Use the Edit button to open a window where you can enter or modify a description of the service.
TCI Overwrite
Specify the TCI Overwrite functionality for the service:
  • Enabled - Enabling TCI Overwrite allows the VLAN (access control) and class of service characteristics defined in this service to overwrite the VLAN or class of service (CoS) tag in a received packet, if that packet has already been tagged with VLAN or CoS information.
  • Disabled - If this option is disabled the TCI Overwrite option is ignored, but lower-precedence rules and the role default actions may still specify TCI Overwrite for the data packet if there is a match.
  • Prohibited - Do not set TCI Overwrite for this data packet, even when a lower-precedence rule or the role default actions has the TCI Overwrite option set to enabled.

Traffic Description Area

Use this area to provide the specifications for an automated service. You will need to specify the network resource type and the network resources for the service. You will also need to specify the rule type. Some rule types require that you enter certain parameters and/or values. This section is not displayed for a Manual service.

Network Resource Type
Select the network resource type (Layer 2 MAC or Layer 3 IP). This will determine the list of network resources available for selection for this service.
Network Resources
Use the drop-down list to select the network resources to associate with the automated service. Use the configuration menu button to the right of the list to add a network resource or view and edit your network resources. For more information, see How to Create a Network Resource.
Rule Type
Select the type of rule you want to create for the network resources. Some rule types require that you enter certain parameters and/or values. See Classification Types and their Parameters for parameter information. Select and/or enter the required parameters.

Actions Area

Use this area to define the access control and/or a class of service for the Automated service rule. This section is not displayed for a Manual service.

Access Control
Use this drop-down list to select the appropriate access control for the rule. You can permit traffic to be forwarded, deny traffic altogether, or contain traffic to a VLAN. Select None to disable access control for this rule.
  • Permit Traffic - allows traffic to be forwarded with the port's assigned VID.
  • Deny Traffic - traffic will be automatically discarded.
  • Contain to VLAN - contains traffic to a specific VLAN. Use the drop-down list to select the desired VLAN. Use the configuration menu button to the right of the drop-down list to add or edit a VLAN.
Class of Service
Use the drop-down list to select a class of service to associate with the service. Policy Manager lets you define classes of service that each include an 802.1p priority, and optionally an IP type of service (ToS/DSCP) value, rate limits, and transmit queue configuration. You can then assign a class of service as a classification rule action. See Getting Started with Class of Service and How to Create a Class of Service for more information. Select None to disable class of service for this rule. Use the configuration menu button to the right of the drop-down list to add or edit a Class of Service.

When rule accounting is enabled on a device, each rule keeps a list of the ports on which it has been used. The next three options allow you to specify certain rule usage actions to take place when a "rule hit" is reported.
System Log
Specify System Log functionality for the rule:
  • Enabled - If this option is enabled, a syslog message is generated when the rule is used. This option must be enabled if you are configuring Policy Rule Hit Reporting on your devices.
  • Disabled - If this option is disabled and this rule is hit, it does not generate a Syslog message, but lower-precedence rules and the role default actions may still specify a syslog message be sent for this data packet if there is a match.
  • Prohibited - If this rule is hit, no syslog message is generated for this data packet, even when a lower-precedence rule or the role default actions has the System Log action set to enabled.
Audit Trap
Specify Audit Trap functionality for the rule:
  • Enabled - If this option is enabled, an audit trap is generated when the rule is used.
  • Disabled - If this option is disabled and this rule is hit, it does not generate an audit trap, but lower-precedence rules and the role default actions may still specify generating an audit trap for this data packet if there is a match.
  • Prohibited - If this rule is hit, no audit trap is generated for this data packet, even when a lower-precedence rule or the role default actions has the Audit Trap action set to enabled.
Disable Port
Specify Disable Port functionality for the rule:
  • Enabled - If this option is enabled, any port reported as using this rule will be disabled. Ports that have been disabled due to this option are displayed in the device Role/Rule tab.
  • Disabled - If this option is disabled and this rule is hit, it does not disable the port, but lower-precedence rules and the role default actions may still specify disabling the port for this data packet if there is a match.
  • Prohibited - If this rule is hit, the port is not disabled, even when a lower-precedence rule or the role default actions has the Disable Port action set to enabled.
Traffic Mirror
Specify traffic mirroring functionality for the rule:
  • Select port group(s) - Use the drop-down list to select the port groups where mirrored traffic will be sent for monitoring and analysis. Use the configuration menu button to the right of the drop-down list and select View/Modify Port Groups to open the Port Groups tab where you can define user-defined port groups for selection.
  • Disabled - If this option is disabled and this rule is hit, traffic mirroring will not take place, but lower-precedence rules and the role default actions may still specify traffic mirroring for this data packet if there is a match.
  • Prohibited - If this rule is hit, traffic mirroring is disabled, even when a lower-precedence rule or the role default actions has the Traffic Mirror action specified.

Related Information

For information on related tasks:

Top