The user-defined-flow command configures a user-defined flow.
The undo user-defined-flow command deletes the configuration.
By default, no user-defined flow is configured.
Parameter | Description | Value |
---|---|---|
flow-id | Specifies the number of a user-defined flow. A smaller number indicates a higher priority. | The value is an integer that ranges from 1 to 64. |
ipv6 | Sets rules for the IPv6 user-defined flow. If this parameter is not specified, the rules are set for the IPv4 user-defined flow. | - |
acl acl-number | Specifies the number of an ACL. | The value is an integer that ranges from 2000 to 3999. |
name acl-name | Specifies the name of an ACL. | The value is a string of 1 to 64 case-sensitive characters, spaces not supported. |
prior | Configures the highest priority for a user-defined flow in the whitelist, blacklist, and user-defined flows. This function currently applies only to BGP IPv4 packets. | - |
Usage Scenario
You can add packets matching specific ACL rules to a user-defined flow and then impose restrictions on these packets as required. Types of data flows restricted by the whitelist and blacklist are limited. When unknown attacks occur on the network, you can flexibly configure ACL rules to add packets to the user-defined flow and then impose restrictions as required.
When an ACL is bound to a user-defined flow, the rules containing NEQ, time-range, or vpn-instance in the ACL do not take effect. The other rules can take effect.
Prerequisites
ACL rules are configured.
Precautions
If both the user-defined-flow acl prior and process-sequence commands are configured in an attack defense policy, the process-sequence command configuration does not take effect for user-defined flows configured with prior.
If a CAR value has been configured for a user-defined flow, you need to consider the impact on the configured CAR when binding an ACL rule.
In VS mode, this command is supported only by the admin VS.
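The usage scenario notes that ACL rules containing NEQ, time-range, or vpn-instance do not take effect once the ACL is bound to a user-defined flow. The following pre-deployment check is an added example, not part of the vendor documentation: it validates the documented parameter ranges and separates the rules that will apply from those that will not. The function names are hypothetical, and the ACL text is a constructed sample whose rule syntax is assumed for illustration.

```python
import re

# Keywords the page says are ignored when the ACL is bound to a user-defined flow.
IGNORED = ("neq", "time-range", "vpn-instance")

def check_params(flow_id, acl):
    """Validate flow-id and the ACL reference against the documented ranges."""
    errors = []
    if not 1 <= flow_id <= 64:
        errors.append("flow-id must be 1-64")
    if isinstance(acl, int):
        if not 2000 <= acl <= 3999:
            errors.append("acl-number must be 2000-3999")
    elif not 1 <= len(acl) <= 64 or re.search(r"\s", acl):
        errors.append("acl-name must be 1-64 characters without spaces")
    return errors

def split_rules(acl_lines):
    """Return (effective, ignored); each ignored entry carries its reasons."""
    effective, ignored = [], []
    for line in acl_lines:
        tokens = line.lower().split()
        if not tokens or tokens[0] != "rule":
            continue  # skip the ACL header and blank lines
        hits = [k for k in IGNORED if k in tokens]
        if hits:
            ignored.append((line.strip(), hits))
        else:
            effective.append(line.strip())
    return effective, ignored

# Constructed sample ACL (addresses are documentation ranges; syntax assumed).
SAMPLE_ACL = """\
acl number 3001
 rule 5 permit tcp source 192.0.2.0 0.0.0.255 destination-port eq 179
 rule 10 permit tcp destination-port neq 179
 rule 15 permit udp source 198.51.100.0 0.0.0.255 time-range worktime
 rule 20 permit ip vpn-instance vpn1 source 203.0.113.0 0.0.0.255
""".splitlines()

if __name__ == "__main__":
    for err in check_params(1, 3001):
        print("parameter error:", err)
    effective, ignored = split_rules(SAMPLE_ACL)
    print(f"{len(effective)} rule(s) will match traffic for the flow")
    for rule, reasons in ignored:
        print(f"will NOT take effect ({', '.join(reasons)}): {rule}")
    if not effective:
        print("warning: no rule in this ACL takes effect for the flow")
```

If every rule in an ACL lands in the ignored list, no rule in that ACL takes effect for the flow, so the restriction you intended to impose never sees the traffic.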