DSCP matching and DSCP marking

This feature has three parts:

DSCP matching in firewall policies

Traffic is allowed or blocked according to the Differentiated Services Code Point (DSCP) values in the incoming packets.

The following CLI variables are available in the config firewall policy command:

tos-mask <mask_value>

Non-zero bit positions are used for comparison. Zero bit positions are ignored (default = 0x00).

This variable replaces the dscp-match variable.

tos <tos_value>

Type of Service (ToC) value that is used for comparison (default = 0x00). This variable is only available when tos-mask is not zero.

This variable replaces the dscp-value variable.

tos-negate {enable | disable}

Enable/disable negated ToS match (default = disable). This variable is only available when tos-mask is not zero.

This variable replaces the dscp-negate variable.