map

Required Command-Line Mode = Configure

Use the map command to configure flow maps and map parameters.

The map command has the following syntax:

map alias <alias>
   a-to-b <<ordered list of inline tools and inline tool groups> | bypass | same | reverse>
   b-to-a <<ordered list of inline tools and inline tool groups> | bypass | same | reverse>
   comment <comment>
   enable

encap-tunnel <tunnel name>
   flowrule
      add <drop | pass> gtp <imsi | imei | msisdn> <number[*]> [comment <comment> | interface <Gn | S11 |
         S5 | S10> | version <1 | 2>]
      delete <all | rule-id <rule ID>>
   flowsample

fstype rotational timer <value> offset <value>

 flowsample

add 5g<dnn<pattern>> [comment <comment>] <pei<number[*]>> <supi<number[*]>>
         <gpsi<number[*]>> <nsiid <SST | SST.SD>> <nci><pattern><tac><pattern>< plmn-id> <mcc.mnc> <5qi><percentage <percentage range>>          
<qci <value>> <version <1 | 2>>


    
   
      add gtp <apn <pattern>> [comment <comment>] <imei <number[*]>> <imsi <number[*]>>
         <interface <Gn | S11 | S5 | S10>> <msisdn <number[*]>> <eci><pattern>
<plmn-id> <mcc.mnc> <tac><pattern> <percentage <percentage range>>
         <qci <value>> <version <1 | 2>>
      add sip <caller-id <caller ID>> <percentage <percentage range>>
      delete <gtp | sip> <all | priority-id <rule ID>>
      insert <after | before> <priority index> <gtp> <apn <pattern>> [comment <comment>]
         <imei <number[*]>> <imsi <number[*]>> <msisdn <number[*]>> <interface <Gn | S11 | S5 | S10>>
         <percentage <percentage range>> | <qci <value>> <version <1 | 2>>
      insert <after | before> <priority index> <sip> <caller-id <caller ID>> <percentage <percentage range>>
   from <port-id | port-alias | port-list | gigastream-alias | gigastream-alias-list | inline-network-alias |
      inline-network-group-alias | vport-alias>
   gsrule
      add <drop | pass> <criteria>
      delete <all | rule-id <rule ID>>
   no-rule-match pass
   oob-copy from <inline-network alias | through-list item> [dir <a-to-b | b-to-a>] to <tool port list> tag <none |
      as-inline>
   param traffic control
   priority <after <map name> | before <map name> | highest | lowest>
   roles <assign | replace> <role> [to <role list>]
   rule
      add <drop | pass> <criteria>
      copy-from template <template alias>
      delete <all | rule-id <rule ID>>
      edit rule-id <rule ID> <comment <comment> | drop <criteria> | pass <criteria>>

rewrite-dstip <x.x.x.x>

rewrite-dstmac <xxxx.xxxx.xxxx | xx:xx:xx:xx:xx:xx>

rewrite-srcip <x.x.x.x>

rewrite-srcmac <xxxx.xxxx.xxxx | xx:xx:xx:xx:xx:xx>

 tag <<1-4000> | auto>
   to <port-id | port-alias | port-list | gigastream-alias | gigastream-alias-list | inline-tool-alias |one-arm|
inline-tool-group-alias | inline-serial-alias | bypass | vport-alias | null-port>
   encap-tunnel <tunnel-alias>
   type <firstLevel | flexInline | inline | regular | transitLevel| secondLevel>
      firstLevel [byRule]
      flexInline [byRule | collector]
      inline [byRule]
      regular [byRule]
      secondLevel [byRule | flowFilter | flowSample | flowSample-ol | flowSample-sip | flowWhitelist |

|  flowWhitelist-ol | flowWhitelist-sip | flowWL-5g | flowSample-5G]
   use gsop <gsop alias>
   whitelist

add 5g

<dnn <pattern>| type <supi | ran | all >
      add gtp <apn <pattern> | interface <Gn | S10 | S11 | S5> | version <1 | 2>> | type <imsi | ran | all >
      delete all

   add sip <all | callee-id | caller-id | dest-ip | ip-addr | src-ip>
map priority <map names>

The following table describes the arguments for the map command:

Argument

Description

alias <alias>

Specifies the name of the map. The alias must be unique and can contain up to 128 characters. Aliases are case-sensitive.

For example:

(config) # map alias map1

(config map alias map1) #

The following are reserved keywords that cannot be used in map aliases with any character case:

rule
map

For example, using these keywords in a map alias displays an error message:

% Invalid alias 'Rule'. 'Rule' is a reserved word.

or

% Invalid alias 'MAP'. 'MAP' is a reserved word.

a-to-b <<ordered list of inline tools and inline tool groups> | bypass | same | reverse>

For flexible inline arrangements, specifies the sequence of inline tools or inline tool groups through which the traffic will be guided between the respective inline network ports, as follows:

ordered list of inline tools and inline tool groups—Specifies the list of aliases of inline tools and inline tool groups participating in the flexible inline map in the a-to-b direction, in order. The maximum number of inline tools or inline tool groups in the list is 16 for one direction.
bypass—Specifies the traffic be sent to bypass.
same—If a map has both a-to-b and b-to-a parameters, this option specifies the same value as the other parameter.
reverse—If a map has both a-to-b and b-to-a parameters, this option specifies the ordered list of inline tools and inline tool groups in the other parameter, but in the reverse order.

Separate each alias with a comma. For example:

(config map alias flexmap1) # a-to-b IT1,IT2,IT3,IT4

b-to-a <<ordered list of inline tools and inline tool groups> | bypass | same | reverse>

For flexible inline arrangements, specifies the sequence of inline tools or inline tool groups through which the traffic will be guided between the respective inline network ports, as follows:

ordered list of inline tools and inline tool groups—Specifies the list of aliases of inline tools and inline tool groups participating in the flexible inline map in the b-to-a direction, in order. The maximum number of inline tools or inline tool groups in the list is 16 for one direction.
bypass—Specifies the traffic be sent to bypass.
same—If a map has both a-to-b and b-to-a parameters, this option specifies the same value as the other parameter.
reverse—If a map has both a-to-b and b-to-a parameters, this option specifies the ordered list of inline tools and inline tool groups in the other parameter, but in the reverse order.

Separate each alias with a comma. For example:

config# map alias flexmap2 # b-to-a IT3,IT4,IT1,IT2

comment <comment>

Supplies an optional comment for this map. The comment will appear in show map output. For example:

(config map alias map1) # comment “to SanFran”

enable

Enables the specified map.

Maps with rules can be enabled or disabled. For all map enable and disable actions, only regular maps and first level maps are supported. Other maps (such as map-passall, second level maps, and inline maps) are not supported.

When a map is disabled, traffic is not passed to the tool ports.

When a map is disabled, the map rules are still present, but the map is marked as disabled. Map rules consume resources even if the map the disabled.

Map statistics are not updated when a map is disabled.

For example:

(config) # map alias map1 enable

encap-tunnel

Enables the encap tunnel configuration in a specified map.

For example:

(config) # map alias encap-tunnel encap1

flowrule    add <drop | pass>       gtp <imsi | imei | msisdn> <number[*]>       [comment <comment> | interface <Gn | S11       | S5 | S10> | version <1 | 2>]   delete <all | rule-id <rule ID>>

 

Note:  This command is supported only on C05 cards and not supported on C08 cards.

Configures map rules for GTP correlation. The arguments are as follows:

add—Adds a new drop or pass flowrule to match specified IMSI, IMEI, MSISDN subscriber IDs, Evolved Packet Core (EPC) interface or GTP version can also be specified.
delete—Deletes all flowrules or a specified flowrule in a map by its rule ID.

To specify version, use the following:

1 for v1
2 for v2
To specify any version, do not add either version 1 or version 2 to the flowrule.

To specify EPC interfaces, use the following:

Gn for Gn/Gp
S11 for S11/S1-U
S5 for S5/S8
S10

Note:  Version and interface cannot be specified in the same flowrule.

Examples:

(config) # map alias map1 flowrule add pass gtp imsi 21345*

(config) # map alias map1 flowrule add pass gtp imsi 21345* interface S5

(config) # map alias map1 flowrule add drop gtp imsi 21345* version 1

The maximum number of GTP flowrules is 32 per map (16 pass and 16 drop rules).

The procedure for creating a GTP flowrule for specified IMSIs is as follows:

Create a GigaSMART group and associate it with one or more GigaSMART engine ports. For example:

(config) # gsgroup alias gsg1 port-list 1/1/e1

Create a GigaSMART operation using flow-ops flow-filtering gtp and assign it to the GigaSMART group. For example:

(config) # gsop alias gtp_sf flow-ops flow-filtering gtp port-list gsg1

Create a GigaSMART virtual port and assign it to the same GigaSMART group. For example:

(config) # vport alias vp1 gsgroup gsg1

Create a first level map directing GTP traffic from physical network ports to the virtual port created in the previous step. For example:

(config) # map alias to_vp

(config map alias to_vp) # type firstLevel byRule

(config map alias to_vp) # to vp1

(config map alias to_vp) # from 1/1/x3

(config map alias to_vp) # rule add pass portsrc 2123

(config map alias to_vp) # rule add pass portsrc 2152

(config map alias to_vp) # exit

Create a second level map that takes traffic from the GigaSMART virtual port, applies the flow-ops GigaSMART operation, matches IMSIs specified by a flowrule, and sends matching traffic to physical tool ports. For example:

map alias IMSI-list1

(config map alias IMSI-list1) # type secondLevel flowFilter

(config map alias IMSI-list1) # use gsop gtp_sf

(config map alias IMSI-list1) # to 1/1/x4

(config map alias IMSI-list1) # from vp1

(config map alias IMSI-list1) # flowrule add pass gtp imsi 22222222222223*

(config map alias IMSI-list1) # exit

 

Note:  The above command is supported only on C05 cards and not supported on C08 cards.

 

Refer to the GigaSMART GTP Correlation section in the GigaVUE Fabric Management Guide for more information.

fstype rotational timer <value> offset <value>

Configures map rules for GTP rotational flow sampling. The arguments are as follows:

timer— The percentage of the flow to be sampled for a given GTP version.
offset—Enter the percentage of sessions to be sampled in the given interval in the Offset range .

 

flowsample

add gtp <apn <pattern>> [comment       <comment>] <eci><imei <number[*]>> <imsi       <number[*]>> <interface <Gn | S11 | S5 |       S10>> <msisdn <number[*]>><plmn-id> <qci <value>> <tac> <5qI <pattern>>< version <1 | 2>> <percentage       <percentage range>>   

delete <gtp> <all | priority-id <rule ID>>

  

insert <after | before> <priority index> <gtp>       <apn <pattern>> [comment <comment>]       <imei <number[*]>> <imsi <number[*]>>

       <msisdn <number[*]>> <interface <Gn | S11       | S5 | S10>> <percentage <percentage       range>> | <qci <patttern> <value>> <version <1 | 2>>

Configures map rules for GTP flow sampling. The arguments are as follows:

add—Adds a new pass flow sampling rule to a flow sampling map to match specified IMSI, IMEI, or IMSISDN subscriber IDs. Wildcard suffixes are supported on subscriber IDs. The percentage of the flow to be sampled must also be specified. In addition, Evolved Packet Core (EPC) interface or GTP version, Access Point Name (APN), or QoS Class Identifier (QCI), can also be specified to send matching traffic to desired tool ports, based on the sampling.
o To specify version, use 1 for v1 and 2 for v2. To specify any version, do not add either version 1 or version 2 to the flowsample rule.
o To specify EPC interface types, use: Gn for Gn/Gp, S11 for S11/S1-U, S5 for S5/S8, S10.

Note:  Version and interface cannot be specified in the same flowsample rule.

o To specify an APN, use a pattern, with or without a wildcard prefix or suffix, up to a maximum of 100 case-insensitive characters, as well as period (.), hyphen (-), and wildcard (*). APN is not supported on GigaVUE-HB1.
o To specify a QCI, use a value from 0 to 255. A wildcard prefix or suffix is not supported. QCI can only be used in flow sampling map rules in combination with APN.
o To specify ECI, use hexadecimal format and supports wildcard. The maximum characters allowed are 9, and the minimum length is 4.
o To specify TAC, use hexadecimal format and supports wildcard. The maximum characters allowed are 4, and the minimum characters are 2.
o To specify PLMNID, MCC and MNC values are mandatory. MCC must have 3 characters. MNC values ranges between 1 to 3. MNC supports wildcard.
o To specify 5QI, use a value from 1 to 255.
o To specify a percentage, use the following:
■   1 to 100 to specify the percentage of subscribers to sample
■   0 to drop sampled data that matches a rule

Examples:

(config) # map alias map1 flowsample add gtp imsi 21345* percentage 30

(config) # map alias map1 flowsample add gtp imsi 21345* interface Gn percentage 30

(config) # map alias map1 flowsample add gtp imsi 21345* imei 66* version 2 percentage 30

(config) # map alias map1 flowsample add gtp apn *ims* percentage 50

(config) # map alias map1 flowsample add gtp apn *ims* qci 5 percentage 50

You can put IMEI, IMSI, and MSISDN numbers in a single rule. The rule will only be matched if the IMEI, IMSI, and MSISDN match.

delete—Deletes all existing rules from a flow sampling map, or specifies a rule to delete from a flow sampling map using a priority ID. For example:

(config) # map alias map1 flowsample delete gtp all

(config) # map alias map1 flowsample delete gtp priority-id 2

insert—Inserts a new rule into a flow sampling map either before or after a specified priority ID. A priority ID indicates the order of rules in the map. Use before and after to order the rules. The first rule has the highest priority. The syntax for an inserted flow sampling rule is the same as for add.

Examples:

(config) # map alias map1 flowsample insert after 12 gtp imsi 22345* percentage 70

(config) # map alias map1 flowsample insert after 12 gtp imsi 22345* interface S10 percentage 70

(config) # map alias map1 flowsample insert before 11 gtp imsi 22345* version 1 percentage 70

Note:  When a flowsample rule is inserted, it will appear as an addition in the output of the running configuration.

Note:  The maximum number of GTP flowsample rules is 20 per map. Up to ten (10) flow sampling maps can be configured per vport.

Refer to the “GigaSMART GTP Whitelisting and GTP Flow Sampling” section in the GigaVUE Fabric Management Guide for more information.

 

Configures map rules for 5G flow sampling. The arguments are as follows:

flowsample

add 5g<dnn<pattern>> [comment <comment>] <pei<number[*]>> <supi<number[*]>>          <gpsi<number[*]>> <nsiid <SST | SST.SD>> <nci><pattern><tac><pattern>< plmn-id> <mcc.mnc><percentage <percentage range>>         

delete 5g<dnn<pattern>> [comment <comment>] <pei<number[*]>> <supi<number[*]>>          <gpsi<number[*]>> <percentage <percentage range>>

>

insert <after | before> <priority index> <5g>       <dnn<pattern>> [comment <comment>]       <pei<number[*]>> <supi<number[*]>>

 

Configures map rules for 5G flow sampling. The arguments are as follows:

add—Adds a new pass flow sampling rule to a flow sampling map to match specified GPSI, PEI, SUPI, NSI, TAC, PLMN, ECI or NCI subscriber IDs. Wildcard suffixes are supported on subscriber IDs. The percentage of the flow to be sampled must also be specified.
o To specify version, use 1 for v1 and 2 for v2. To specify any version, do not add either version 1 or version 2 to the flowsample rule.

Note:  Version and interface cannot be specified in the same flowsample rule.

o To specify NSI ID, SST value is mandatory . SD value is optional. SD value supports wildcard. The maximum value allowed for SST is 3 and SSD is 6.
o To specify NCI, use hexadecimal format and supports wildcard. The maximum characters allowed are 9, and the minimum length is 4.
o To specify TAC, use hexadecimal format and supports wildcard. The maximum characters allowed are 6, and the minimum characters are 2.
o To specify PLMNID, MCC and MNC values are mandatory. MCC must have 3 characters. MNC values ranges between 1 to 3. MNC supports wildcard.
o To specify a percentage, use the following:
■   1 to 100 to specify the percentage of subscribers to sample
■   0 to drop sampled data that matches a rule

Examples:

(config) # map alias map1 flowsample add 5G nci f12345678 percentage 100

 

delete—Deletes all the existing rules from a flow sampling map, or specifies a rule to delete from a flow sampling map using a priority ID. For example:

(config) # map alias map1 flowsample delete 5G all

 

insert—Inserts a new rule into a flow sampling map either before or after a specified priority ID. A priority ID indicates the order of rules in the map. Use before and after to order the rules. The first rule has the highest priority. The syntax for an inserted flow sampling rule is the same as for add.

Examples:

(config) # map alias map1 flowsample insert after 5G imsi nci f12345678 percentage 100

Note:  When a flowsample rule is inserted, it will appear as an addition in the output of the running configuration.

Refer to the “GigaSMART 5G Whitelisting and 5G Flow Sampling” section in the GigaVUE Fabric Management Guidefor more information.

 

flowsample   add sip <caller-id <caller ID>>       <percentage <percentage range>>   delete <sip> <all | priority-id <rule ID>>   insert <after | before> <priority index> <sip>       <caller-id <caller ID>>       <percentage <percentage range>>

Configures map rules for SIP flow sampling. The arguments are as follows:

add—Adds a new pass flow sampling rule to a flow sampling map to match specified caller IDs. Wildcard suffixes are supported. The percentage of the flow to be sampled must also be specified. For example:

(config) # map alias map1 flowsample add sip caller-id * percentage 50

delete—Deletes all existing rules from a flow sampling map, or specifies a rule to delete from a flow sampling map using a priority ID. For example:

(config) # map alias map1 flowsample delete sip all

(config) # map alias map1 flowsample delete sip priority-id 2

insert—Inserts a new rule into a flow sampling map either before or after a specified priority ID. A priority ID indicates the order of rules in the map. Use before and after to order the rules. The first rule has the highest priority. The syntax for an inserted flow sampling rule is the same as for add. For example:

(config) # map alias map1 flowsample insert after 12 sip caller-id * percentage 50

Note:  The maximum number of SIP flowsample rules is 20 per map.

Refer to GigaSMART SIP/RTP Correlation” in the GigaVUE Fabric Management Guide for details and examples.

from <port-id | port-alias | port-list |    gigastream-alias | gigastream-alias-list |    inline-network-alias |    inline-network-group-alias | vport-alias>

Specifies the source(s) for packets matching this map. Use one of the following:

port-id, port-alias, port-list—Sends matching traffic from one or more network ports specified using the standard conventions described in Port Lists Definition in the GigaVUE‑OS.
gigastream-alias, gigastream-alias-list—Sends matching traffic from the specified GigaStream. Refer to the “GigaStreamsection in the GigaVUE Fabric Management Guide for details on GigaStream.
inline-network-alias—Sends matching traffic from the specified inline network alias.
inline-network-group-alias—Sends matching traffic from the specified inline network group alias.
vport-alias—Sends matching traffic from the virtual port associated with the GigaSMART group.

Note:  You can add a maximum of 324 ports, if the ports are not attached to a GigaStream.

Refer to the “Associating Inline Networks with Inline Tools Using Inline Maps” section in the GigaVUE Fabric Management Guide for details on inline-network-alias and inline-network-group-alias.

For example:

(config) # map alias map1 from port1

gsrule

add <drop | pass> <criteria>   delete <all | rule-id <rule ID>>

Adds or deletes a gsrule (GigaSMART rule). GigaSMART rules use Adaptive Packet Filtering to match specified packets in a second level map receiving traffic from a GigaSMART virtual port (vport). The overall procedure for creating a gsrule is as follows:

1. Create a GigaSMART group and associate it with one or more GigaSMART engine ports. For example:

(config) # gsgroup alias gsg1 port-list 1/1/e1

2. Create a GigaSMART operation with an Adaptive Packet Filtering (apf) component and assign it to the GigaSMART group. For example:

(config) # gsop alias gsfil apf set port-list gsg1

3. Create a GigaSMART virtual port and assign it to the same GigaSMART group. For example:

(config) # vport alias vp1 gsgroup gsg1

4. Create a first level map directing selected traffic from physical network ports to the virtual port you created in the previous step. For example, the following map forwards all Fiber Channel over Ethernet (ethertype 8906) traffic from 1/1/x3 to the virtual port:

(config) # map alias to_vp

(config map alias to_vp) # type firstLevel byRule

(config map alias to_vp) # to vp1

(config map alias to_vp) # from 1/1/x3

(config map alias to_vp) # rule add pass ethertype 8906

(config map alias to_vp) # exit

5. Create a second level map that takes traffic from the GigaSMART virtual port, applies the Adaptive Packet Filtering GigaSMART operation, includes the GigaSMART rule with the filter, and sends matching traffic to physical tool ports. For example, the following second level map includes a regular expression string match at a specified offset (in this case, the offset for the destination address in a Fiber Channel over Ethernet packet).

map alias m1

(config map alias m1) # type secondLevel byRule

(config map alias m1) # use gsop gsfil

(config map alias m1) # to 1/1/x1

(config map alias m1) # from vp1

(config map alias m1) # gsrule add pass pmatch string "\xff\xff\xfe" 29

(config map alias m1) # exit

Note:  The maximum number of gsrules that can be specified in a map is 5.

Refer to the “GigaSMART Adaptive Packet Filtering (APF)” section for more information.

no-rule-match pass

Specifies what to do with traffic that does not match any rule in a map that only has drop rules. This argument changes the default behavior of drop to pass in a drop-only map.

If you do not use this argument and there are only drop rules in a map, the default behavior is that all traffic not matching the rules will be dropped, or, if a shared collector is configured, traffic will be sent to the shared collector.

However, if you use this argument and there are only drop rules in a map, traffic will be passed rather than dropped. For example:

(config) # map alias m1

(config map alias m1) # type regular byRule

(config map alias m1) # from 1/1/x1

(config map alias m1) # to 2/1/x2

(config map alias m1) # rule add drop ipver 4

(config map alias m1) # no-rule-match pass

(config map alias m1) # exit

When managing map rule resources, note that using this argument consumes one extra map rule.

oob-copy from <inline-network alias | through-list item> [dir <a-to-b | b-to-a>] to <tool port list> tag <none | as-inline>

For flexible inline arrangements, configures an out-of-band (OOB) map by copying from a flexible inline map as follows:

from—Specifies the OOB copy source as follows:
o inline network alias—Taps traffic from the source inline network of the flexible inline map.
o through list item—Taps traffic from a tool member in the a-to-b or b-to-a list.

Note:  All sources of an OOB copy configuration must be a member of the flexible inline map, either an inline network in the from parameter or a single member of the a-to-b or b-to-a inline tool list.

dir—Specifies the direction of the source from which to tap traffic as follows:
o a-to-b—Taps traffic from the a-to-b side of the source.
o b-to-a—Taps traffic from the b-to-a side of the source.
to—Specifies the destination inline tools. The to parameter can be a regular tool port, a hybrid port, or a GigaStream on the same GigaVUE node.
tag—Specifies the OOB copy tag as follows:
o none—Does not tag packets going to the OOB tool. The default is none.
o as-inline—Uses the same external VLAN tag as the flexible inline map.

For example:

(config) # map alias flexmap oob-copy from iN1 dir a-to-b to it1 tag as-inline

param traffic control

Specifies an option to pass GTP control traffic (GTP-c) to all GigaSMART engines in a GTP engine group. A GTP engine group has multiple GigaSMART engine port members.

For example:

(config) # map alias to_vp_ctrl param traffic control

Refer to “GTP Engine Grouping” section in the GigaVUE Fabric Management Guide for details. Also refer to the GigaSMART GTP Correlation and the “GigaSMART GTP Whitelisting and GTP Flow Sampling” sections in the GigaVUE Fabric Management Guide.

priority <after <map name> | before <map name> | highest | lowest>

Sets the priority of the map relative to other maps. A packet matching multiple maps is sent to the map with the highest priority.

For example:

(config) # map alias map1 priority before map2

roles <assign | replace> <role> [to <role list>]

Assigns a user role to a map access list or replaces a map access list.

For example:

(config) # map alias map1 roles assign monitor to listen_roles

rule   add <drop | pass> <criteria>

Adds map rules (drop or pass), as follows:

add—Creates a new pass rule.

drop—Creates a new drop rule. Packets matching drop rules are dropped immediately without being sent to any configured shared collector or compared to any pass rules.

Within a map, drop rules have precedence over pass rules. So, if a packet matches both a pass and a drop rule in the same map, the packet is dropped rather than passed.

Both pass and drop rules have a wide variety of packet-matching criteria available, including MAC/IP addresses, application ports, VLAN IDs, and so on. Refer to map rule for rule criteria details.

For example:

(config) # map alias map1

(config map alias map1) # from 1/1/q1

(config map alias map1) # to 1/1/q2

(config map alias map1) # rule add pass vlan 100 comment “comment for rule”

(config map alias map1) # comment “comment for whole template”

(config map alias map1) # exit

rule   copy-from template <template alias>

Copies map rules from a template to create a map.

If there is a comment associated with the rule, it will be copied as well.
If there is a comment associated with the template as a whole, it will not be copied.

For example,

(config) # map alias map1

(config map alias map1) # from 1/1/q1

(config map alias map1) # to 1/1/q2

(config map alias map1) # rule copy-from template my_rule_template

(config map alias map1) # exit

rule   delete <all | rule-id <rule ID>>

Deletes map rules, as follows:

all rules in the map.
a specified map rule in a map by rule-id. You can obtain the rule ID using the following command and typing the question mark (?) after the rule-id keyword. For example:

(config) # map alias add_header_1 rule delete rule-id ?<Integer> Rule Id13101112

You can also obtain the rule ID using the following command and pressing the Tab key after the rule-id keyword. For example:

(config) # map alias add_header_1 rule delete rule-id1 3 10 11 12

To delete a single rule:

(config) # map alias add_header_1 rule delete rule-id 1

To delete multiple rules, separate them with commas as follows:

(config) # map alias add_header_1 rule delete rule-id 1,3,10

To delete a range of rules, use the following syntax:

(config) # map alias add_header_1 rule delete rule-id 10..12

To delete multiple rules including ranges, use the following syntax:

(config) # map alias add_header_1 rule delete rule-id 1,3,10..12

You can also obtain the rule ID for a specified map rule with the show map alias <alias> command.

rule   edit rule-id <rule ID> <comment <comment> |       drop <criteria> | pass <criteria>>

Edits a specified map rule in a map by rule-id.

You can obtain the rule ID using the following command and typing the question mark (?) after the rule-id keyword. For example:

(config) # map alias dedup_1 rule edit rule-id ?<Integer> Rule Id12

You can also obtain the rule ID using the following command and pressing the Tab key after the rule-id keyword. For example:

(config) # map alias dedup_1 rule edit rule-id1 2

Once you have the rule-id, the following can be edited:

comment <comment>—Edits a map rule comment.
drop <criteria>—Edits the specified criteria in a drop rule.
pass <criteria>—Edits the specified criteria in a pass rule.

Refer to map rule for rule criteria details.

Maps with a subtype of ol, for overlap, such as flowSample-ol or flowWhitelist-ol, do not support map editing.

rewrite-dstmac <value> | rewrite-srcmac<value>

no rewrite-dstmac | no rewrite-srcmac

For MAC Address rewrite ,configure the destination and Source fields as follows:

rewrite-dstmac xx:xx:xx:xx:xx:xx — Configure destination MAC rewrite for all the pass rules associated with the map.
rewrite-srcmac xx:xx:xx:xx:xx:xx— Configure source MAC rewrite for all the pass rules associated with the map.

To unconfigure MAC Address rewrite for map based configuration use the below:

no rewrite-dstmac — Unconfigure the map level configured destination MAC rewrite value.
no rewrite-srcmac — Unconfigure the map level configured source MAC rewrite value.

To delete a rule based MAC address re-write utilize the rule edit or delete command.

rewrite-dstip <value> | rewrite-srcip<value>

no rewrite-dstip | no rewrite-srcip

For IP Address rewrite, configure the destination and Source fields as follows:

rewrite-dstip x.x.x.x — Configure destination IP rewrite for all the pass rules associated with the map.
rewrite-srcip x.x.x.x— Configure source IP rewrite for all the pass rules associated with the map.

Note:  The IP addresses 0.0.0.0, 255.255.255.255, and multicast are not accepted.

To unconfigure IP Address rewrite for map based configuration use the below:

no rewrite-dstip — Unconfigure the map level configured destination IP rewrite value.
no rewrite-srcip — Unconfigure the map level configured source IP rewrite value.

To delete a rule based IP address re-write utilize the rule edit or delete command.

 

 

For flexible inline arrangements, configures an external VLAN tag for a flexible inline map, as follows:

1-4000—Specifies a user-defined value for the external VLAN ID in the range of 1 to 4000.
auto—Automatically assigns an external VLAN ID for packets going to inline tools.
The default is auto.

The tag value is unique to each flexible inline map.

For example:

(config) # map alias flexmap1 tag 100

to <port-id | port-alias | port-list | gigastream-alias | gigastream-alias-list | inline-tool-alias | one-arm| inline-tool-group-alias | inline-serial-alias | bypass | vport-alias | null-port>

Specifies the destination(s) for packets matching this map. Use one of the following:

port-id, port-alias, port-list—Sends matching traffic to one or more tool ports specified using the standard conventions described in Port Lists Definition in the GigaVUE‑OS.
gigastream-alias, gigastream-alias-list—Sends matching traffic to the specified tool GigaStream. Refer to the “GigaStream section in the GigaVUE Fabric Management Guide for details on GigaStream.
inline-tool-alias—Sends matching traffic to the specified inline tool alias.
one-arm- Configures one -arm mode for second level map.
inline-tool-group-alias—Sends matching traffic to the specified inline tool group alias.
inline-serial-alias—Sends matching traffic to the specified inline tool series alias.
bypass—Sends matching traffic to the specified inline bypass.
vport-alias—Sends matching GigaSMART traffic to the virtual port associated with the GigaSMART group.
null-port—Drops traffic after the GigaSMART operation is performed on the traffic. This is applicable for regular maps and second-level maps.

Refer to the “Associating Inline Networks with Inline Tools Using Inline Maps” section in the GigaVUE Fabric Management Guide for details on inline-tool-alias, inline-tool-group-alias, inline-serial-alias, and bypass.

For example:

(config) # map alias map1 to 2/1/x1

encap-tunnel <tunnel-alias>

Attaches the tunnel created for encapsulating the traffic.

For example:

(config map alias <map-name>) # encap-tunnel <tunnel-alias>

To attach an encap-tunnel, ensure that you configure at least one circuit port in the to parameter.

type <firstLevel | flexInline | inline | regular | | transitLevel| secondLevel>       firstLevel [byRule]      flexInline [byRule | collector]      inline [byRule]      regular [byRule]      secondLevel [byRule | flowFilter |          flowSample | flowSample-ol |          flowSample-sip | flowWhitelist |          flowWhitelist-ol | flowWhitelist-sip]

Specifies the map type, as follows:

regular—Specifies a regular map type, with the from parameter specifying network or hybrid ports, or single inline-network or single inline-tool ports (for out-of-band maps) and the to parameter specifying tool or hybrid ports, GigaStream, or port group.
inline—Specifies an inline map type, with the from parameter specifying inline-network pairs or inline-network-groups and the to parameter specifying inline-tool pairs, inline-tool-group, inline-serial, or bypass.
flexInline—Specifies a flexible inline map type, which can only be applied to a single inline network. Each flexible inline map has its own VLAN ID.
firstLevel—Specifies a first level map type, with the from parameter specifying network or hybrid ports and the to parameter specifying virtual ports, used with GigaSMART operations. Specify the firstLevel map type when using the map rule parameter.
transitLevel—Specifies a transit level map type, with the from parameter specifying virtual ports, used with GigaSMART operations, and the to parameter specifying virtual ports. Specify the transitLevel map type when using a gsrule map rule.
secondLevel—Specifies a second level map type, with the from parameter specifying virtual ports, used with GigaSMART operations, and the to parameter specifying tool or hybrid ports, GigaStream, or port group. Specify the secondLevel map type when using a gsrule, flowrule, flowsample, or whitelist map rule.

Also specifies the optional map subtype, as follows:

byRule—Specifies a rule-based map subtype, which is supported on the following:
o firstLevel, inline, flexInline, and regular map types when using the map rule parameter.
o secondLevel map type when using the gsrule parameter.
collector—Specifies a collector map subtype. A collector map for flexible inline arrangements is defined as a subtype of flexible inline map. To create map passalls for flexible inline arrangements, you can define a collector map without any other maps.
flowFilter—Specifies a flow filtering map subtype, which applies to secondLevel map types. Specify the flowFilter map subtype when using a flowrule parameter.
flowSample—Specifies a flow sampling map subtype, which applies to secondLevel map types. Specify the flowSample map subtype when using a flowsample rule.
flowSample-ol—Specifies a flow sampling overlap map subtype, which applies to secondLevel map types. Specify the flowSample-ol map subtype when using a flowsample rule.
flowSample-sip—Specifies a SIP flow sampling map subtype, which applies to secondLevel map types.
flowWhitelist—Specifies a forward list map subtype, which applies to secondLevel map types. Specify the flowWhitelist map subtype when using a whitelist rule.
flowWhitelist-ol—Specifies a forward list overlap map subtype, which applies to secondLevel map types. Specify the flowWhitelist-ol map subtype when using a whitelist rule.
The default map subtype is byRule.

For example:

(config) # map alias map1 type inline byRule

use gsop <gsop alias>

Includes a named GigaSMART operation as part of this map, applying the associated GigaSMART functionality to packets matching any rule in the map (for example, slicing, de-duplication, header stripping, and so on).

Note:  Important— GigaSMART operations must be added to the map before destination ports (to).

This option is only available on nodes or clusters with GigaSMART features available and licensed.

Refer to the “Working with GigaSMART Operations” section in the GigaVUE Fabric Management Guide for details on creating GigaSMART operations.

For example:

(config) # map alias map1 use gsop gsfilter

whitelist    add gtp <apn <pattern> | interface <Gn | S10 |       S11 | S5> | version <1 | 2> | type <imsi | ran |all | wl-alias <alias name> >>    delete all  

  add 5g<dnn<pattern> | type <supi | ran |all | wl-alias <alias name>>   delete all

Adds or deletes a rule in a forward list map as follows:

add gtp—Specifies adding a rule (a pass rule) to a forward list map.
apn—Specifies an Access Point Name (APN).
interface—Specifies a rule based on an Evolved Packet Core (EPC) interface.
version—Specifies a rule based on a GTP version.
type—Specifies the pattern required for the forward list DataBase (DB) lookup.
o imsi/supi — Only IMSI or SUPI value used for the DB lookup.
o ran— Only RAN value used for the DB lookup.
o all — Both RAN and IMSI/SUPI value used for the DB lookup.

Note:  By default, SUPI or IMSI is value is used for the DB lookup, if no type is configured.

wl-alias—Specifies a maximum of ten forward list aliases in a single forward list map. The DB lookup happens only in the configured forward list alias based on the configured DB type. You must consider the following while configuring the forward list aliases:
o When only DB type is configured and there is no forward list alias configured, then the first forward list DB configured in the gsparams is used for the DB lookup.
o When there is no DB type and no whitleist alias are configured, then the lookup happens in all the forward list DB configured in the gsparams.
delete all—Specifies deleting the rules in an existing forward list map.

To specify an APN, use a pattern, with or without a wildcard prefix or suffix, up to a maximum of 100 case-insensitive characters, as well as period (.), hyphen (-), and wildcard (*). APN is not supported on GigaVUE-HB1.

To specify version, use the following:

1 for v1
2 for v2

To specify EPC interfaces, use the following:

Gn for Gn/Gp
S11 for S11/S1-U
S5 for S5/S8
S10

Note:   

Each forward list map can contain only one rule, with either a GTP version or an EPC interface. The rule can also specify an APN.
The rule cannot be edited. To edit a rule, first delete it, then recreate it.
GTP version and EPC interface are mutually exclusive.
A mix of versions and interface types across forward list maps, associated with the same vport, is not supported. This means you can have a maximum of two forward list maps with each map specifying a rule for version 1 and a rule for version 2, OR a maximum of four forward list maps with each map specifying a rule for each interface type.
Up to ten (10) forward list maps can be configured per vport.
Each forward list map, associated with the same vport, uses the same underlying forward list.

For example:

(config) # map alias map1 whitelist add gtp version 1

(config) # map alias map2 whitelist add gtp interface S5

Note that in the examples above, map1 and map2 would have to be associated with two different gsgroups.

Other examples:

(config) # map alias map3 whitelist add gtp apn *mobile.com*

(config) # map alias map1 whitelist delete all

Refer to the GigaSMART GTP Whitelisting and GTP Flow Sampling” section in the GigaVUE Fabric Management Guide for more information.

whitelist    add sip type <all | callee-id | caller-id | dest-ip | id | ip-addr | src-ip>  

Adds a rule in a forward list map as follows:

all—Specifies adding a rule (a pass rule) to a forward list map based on caller, callee, source, desination or IP address.
callee-id—Specifies adding a rule (a pass rule) to a forward list map based on callee-id.
caller-id—Specifies adding a rule (a pass rule) to a forward list map based on caller-id.
dest-ip—Specifies adding a rule (a pass rule) to a forward list map based on destination IP address.
id—Specifies adding a rule (a pass rule) to a forward list map based on callee or caller id.
ip-addr—Specifies adding a rule (a pass rule) to a forward list map based on destination IP address.
src-ip—Specifies adding a rule (a pass rule) to a forward list map based on source IP address.

For example:

config) # map alias sip-whitelist-map add sip type ip-addr

Refer to the GigaSMART GTP Whitelisting and GTP Flow Sampling” section in the GigaVUE Fabric Management Guide for more information.

map priority <map names>

Reorder map priority on an existing chain of maps.

For example:

(config) # map priority map1

Related Commands

The following table summarizes other commands related to the map command:

Task

Command

Displays all maps.

# show map

Displays map accessibility.

# show map access

Displays detailed information for a specified map, including its mapping and rules.

Note:  The existing 'show map' command is enhanced to display the 'SVT mode' as enabled only when Single Tag mode is enabled on Flexinline-SSL maps.

# show map alias map1

Displays detailed information on all maps.

# show map all

Displays map assignment.

# show map assignment

Displays map assignment for a specified map.

# show map assignment alias map1

Displays all maps in a table format.

# show map brief

Displays map mode.

# show map mode

Displays priority of all maps.

# show map priority

Displays priority of a specified map.

# show map priority alias map1

Displays statistics for a specified map.

# show map stats alias map1

Displays statistics for a specified rule.

# show map stats alias map1 rule 2

Displays all map counters.

Note:  When the first level maps are configured for all All Drop rule, this command displays only the total statistics and not individual rule statistics for second level maps.

# show map stats all

Displays all flexible inline maps.

# show map-flexinline

Displays detailed information for a specified flexible inline map.

# show map-flexinline alias FLEX1

Displays all flexible inline maps.

# show map-flexinline all

Deletes a specified map.

Note:  When you delete auto-generated maps (created while deploying solutions through GigaVUE‑FM) via CLI, a warning message will be displayed along with a confirmation about the impact on solutions deployed in GigaVUE‑FM.

(config) # no map alias mymap

Deletes the comments for a specified map.

(config) # no map alias mymap comment

Disables the specified map.

(config) # no map alias mymap enable

Modifies sources configured for a specified map. The delete must be followed immediately by the new from configuration.

(config) # no map alias mymap from

(config) # map alias mymap from 1/1/x1

Deletes the option to pass traffic to tool if there is no matching rule.

(config) # no map alias mymap no-rule-match pass

Deletes the option to pass GTP control traffic (GTP-c) to all GigaSMART engines in a GTP engine group.

(config) # no map alias mymap param traffic control

Deletes an assigned role from a specified map.

(config) # no map alias mymap roles assign monitor

Deletes all assigned roles from a specified map.

(config) # no map alias mymap roles assign all

Deletes all destinations configured for a specified map.

(config) # no map alias mymap to

Deletes the GigaSMART operation associated with a specified map.

(config) # no map alias mymap use gsop

Deletes all maps.

(config) # no map all

Deletes the configured destination and source MAC Address.

(config)# no rewrite-dstmac | no rewrite-srcmac

Deletes the configured destination and source IP Address.

(config)# no rewrite-dstip | no rewrite-srcip