If-match clause, Apply clause – H3C Technologies H3C SecPath F1000-E User Manual


Table 87 Relationship between the match mode and the clauses

| If a packet… | Then… (in permit mode) | Then… (in deny mode) |
|---|---|---|
| Matches all the if-match clauses on the policy node | The apply clause is executed, and the packet will not go to the next policy node for a match. | The apply clause is not executed, the packets will not go to the next policy node for a match, and will be forwarded according to the routing table. |
| Fails to match an if-match clause on the policy node | The apply clause is not executed, and the packet will go to the next policy node for a match. | The apply clause is not executed, and the packet will go to the next policy node for a match. |

NOTE:

If a policy has a node with no if-match clause configured, all packets can pass the policy node. However, an action is taken according to the match mode, and the packets will not go to the next policy node for a match.

If a policy has a node with the permit match mode but no apply clause configured, all packets matching all the if-match clauses can pass the policy node. However, no action is taken, the packets will not go to the next policy node for a match, and will be forwarded according to the routing table.

If a policy has a node with no if-match or apply clauses configured, all packets can pass the policy node. However, no action is taken; the packets will not go to the next policy node for a match, and will be forwarded according to the routing table.

The nodes of a policy are in an OR relationship. If a packet matches a node, it passes the policy; if the packet does not match any node of the policy, it fails to pass the policy and is forwarded according to the routing table.

if-match clause

The following types of if-match clause are available: if-match packet-length and if-match acl6.

You can specify only one if-match clause of each type in a policy node. The if-match clauses on a node have an AND relationship. A packet must satisfy all the if-match clauses of the node before the action specified by the apply clause is taken.
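
A small Python model of the node evaluation rules in Table 87 and the notes above, added here as an illustration and not taken from the H3C manual or device software. The Node class, the evaluate and shadowed helpers, the source-prefix stand-in for an IPv6 ACL, the list-order traversal of nodes, and all sample addresses and clause arguments are assumptions.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple

Packet = Dict[str, object]        # constructed model: {"src": str, "length": int}
Match = Callable[[Packet], bool]  # stand-in for one if-match clause

def packet_length(lo: int, hi: int) -> Match:
    return lambda p: lo <= p["length"] <= hi

def acl6(prefix: str) -> Match:
    net = ipaddress.ip_network(prefix)  # simplified ACL: source prefix only
    return lambda p: ipaddress.ip_address(p["src"]) in net

@dataclass
class Node:
    number: int
    mode: str                                       # "permit" or "deny"
    if_match: List[Match] = field(default_factory=list)
    apply: List[str] = field(default_factory=list)  # apply clauses as opaque text

def evaluate(policy, pkt) -> Tuple[str, Optional[int], List[str]]:
    """Return (outcome, node that ended evaluation, apply clauses executed)."""
    for node in policy:  # assumption: list order is the order nodes are tried
        # AND relationship; all([]) is True, so a node with no if-match takes every packet.
        if not all(m(pkt) for m in node.if_match):
            continue  # failed an if-match clause: next node, in either mode
        if node.mode == "permit" and node.apply:
            return ("policy-routed", node.number, list(node.apply))
        # Matched a deny node, or a permit node with no apply clause.
        return ("routing-table", node.number, [])
    return ("routing-table", None, [])  # matched no node

def shadowed(policy) -> List[int]:
    """Nodes that can never be reached because an earlier node has no if-match."""
    for i, node in enumerate(policy):
        if not node.if_match:
            return [n.number for n in policy[i + 1:]]
    return []

# Constructed policy; addresses and clause arguments are sample values.
POLICY = [
    Node(5, "deny", [acl6("2001:db8:a::/48")]),
    Node(10, "permit", [acl6("2001:db8::/32"), packet_length(64, 1500)],
         ["apply ipv6-address next-hop 2001:db8:ffff::1"]),
    Node(20, "permit"),  # no if-match, no apply: catch-all that ends evaluation
    Node(30, "permit", [packet_length(0, 63)], ["apply ipv6-precedence 5"]),
]
```

shadowed(POLICY) reports node 30: the catch-all node 20 ends evaluation for every packet that reaches it, so a node placed after it never runs.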

apply clause

The following types of apply clauses are available: apply ipv6-precedence, apply output-interface, apply ipv6-address next-hop, apply default output-interface, and apply ipv6-address default next-hop.

For the priorities of the apply clauses in a policy node, see Table 88.

Table 88 Priorities of the apply clauses in a policy node

| Clause | Meaning | Priority |
|---|---|---|
| apply ipv6-precedence | Sets an IP precedence. | If configured, this clause will always be executed. |
| apply output-interface and apply ipv6-address next-hop | Sets the outgoing interface and next hop. | The apply output-interface clause takes precedence over the apply ipv6-address next-hop clause. Only the apply output-interface clause will be executed when both are configured. |
