Automated Service

Selecting an Automated Service opens the Automated Service tab which enables you to define settings for the service. For more information on services, see How to Create a Service.

Service Name
Name of the selected service.
Description
Use the Edit button to open a window where you can enter or modify a description of the service.
TCI Overwrite
Specify the TCI Overwrite functionality for the service:
  • Enabled - Enabling TCI Overwrite enables the VLAN (access control) and class of service characteristics defined in this service to overwrite the VLAN or class of service (CoS) tag in a received packet, if that packet has already been tagged with VLAN or CoS information.
  • Disabled - If this option is disabled the TCI Overwrite option is ignored, but lower-precedence rules and the role default actions can still specify TCI Overwrite for the data packet if there is a match.
  • Prohibited - Do not set TCI Overwrite for this data packet, even when a lower-precedence rule or the role default actions has the TCI Overwrite option set to enabled.

Traffic Description Area

Use this area to provide the specifications for an automated service. Specify the network resource type, the network resources for the service, and the rule type. Some rule types require that you enter certain parameters and/or values. This section is not displayed for a Manual service.

Type
Select the Edit button to select the type of rule you want to create for the network resources. Some rule types require you enter certain parameters and/or values. See Classification Types and their Parameters for parameter information. Select and/or enter the required parameters.
Network Resource Type
Select the network resource type (Layer 2 MAC or Layer 3 IP). This will determine the list of network resources available for selection for this service.
Network Resources
Use the drop-down list to select the network resources to associate with the automated service. Use the configuration menu button to the right of the list to add a network resource or view and edit your network resources. For more information, see How to Create a Network Resource.

Actions Area

Use this area to define the access control and/or a class of service for the Automated service rule. This section is not displayed for a Manual service.

Access Control
Use this drop-down list to select the appropriate access control for the rule. You can permit traffic to be forwarded, deny traffic altogether, or contain traffic to a VLAN. Select None to disable access control for this rule.
  • Permit Traffic - enables traffic to be forwarded with the port's assigned VID.
  • Deny Traffic - traffic will be automatically discarded.
  • Contain to VLAN - contains traffic to a specific VLAN. Use the drop-down list to select the desired VLAN. Use the Contain to VLAN drop-down list to select a VLAN.
Class of Service
Use the drop-down list to select a class of service to associate with the service. The Policy tab lets you define classes of service that each include an 802.1p priority, and optionally an IP type of service (ToS/DSCP) value, rate limits, and transmit queue configuration. You can then assign a class of service as a classification rule action. See Getting Started with Class of Service and How to Create a Class of Service for more information. Select None to disable class of service for this rule. Use the configuration menu button to the right of the drop-down list to add or edit a Class of Service.

When rule accounting is enabled on a device, each rule keeps a list of the ports on which it has been used. The next three options enable you to specify certain rule usage actions to take place when a "rule hit" is reported.
System Log
Specify System Log functionality for the rule:
  • Enabled - If this option is enabled, a syslog message is generated when the rule is used. This option must be enabled if you are configuring Policy Rule Hit Reporting on your devices.
  • Disabled - If this option is disabled and this rule is hit, it does not generate a Syslog message, but lower-precedence rules and the role default actions can still specify a syslog message be sent for this data packet if there is a match.
  • Prohibited - If this rule is hit, no syslog message is generated for this data packet, even when a lower-precedence rule or the role default actions has the System Log action set to enabled.
Audit Trap
Specify Audit Trap functionality for the rule:
  • Enabled - If this option is enabled, an audit trap is generated when the rule is used.
  • Disabled - If this option is disabled and this rule is hit, it does not generate an audit trap, but lower-precedence rules and the role default actions can still specify generating an audit trap for this data packet if there is a match.
  • Prohibited - If this rule is hit, no audit trap is generated for this data packet, even when a lower-precedence rule or the role default actions has the Audit Trap action set to enabled.
Disable Port
Specify Disable Port functionality for the rule:
  • Enabled - If this option is enabled, any port reported as using this rule is disabled. Ports that have been disabled due to this option are displayed in the device Role/Rule tab.
  • Disabled - If this option is disabled and this rule is hit, it does not disable the port, but lower-precedence rules and the role default actions can still specify disabling the port for this data packet if there is a match.
  • Prohibited - If this rule is hit, the port is not disabled, even when a lower-precedence rule or the role default actions has the Disable Port action set to enabled.
Traffic Mirror
Specify traffic mirroring functionality for the rule:
  • Select port group(s) - Use the drop-down list to select the port groups where mirrored traffic will be sent for monitoring and analysis. Use the configuration menu button to the right of the drop-down list and select View/Modify Port Groups to open the Port Groups tab where you can define user-defined port groups for selection.
  • Disabled - If this option is disabled and this rule is hit, traffic mirroring will not take place, but lower-precedence rules and the role default actions can still specify traffic mirroring for this data packet if there is a match.
  • Prohibited - If this rule is hit, traffic mirroring is disabled, even when a lower-precedence rule or the role default actions has the Traffic Mirror action specified.
Quarantine Role
Specify Quarantine role functionality for the rule:
  • Enabled - If this option is enabled, any role reported as using this rule is quarantined.
  • Disabled - If this option is disabled and this rule is hit, it does not quarantine the role, but lower-precedence rules and the role default actions can still specify quarantining the role for this data packet if there is a match.
  • Prohibited - If this rule is hit, the role is not quarantined, even when a lower-precedence rule or the role default actions has the Quarantine Role action set to enabled.

Related Information

For information on related help topics:

Top