ADC CLI Commands

policy-dataset

The following operations can be performed on “policy-dataset”:

rm set unbind unset bind add show

rm policy dataset

Removes a dataset from the appliance.

Synopsis

rm policy dataset

Arguments

name Name of the dataset to remove.

Example

rm policy dataset pat1

set policy dataset

Sets the supported attribute on a given dataset.

Synopsis

set policy dataset \[-dynamic \( YES | NO )]

Arguments

name Name of the dataset. Must not exceed 127 characters.

dynamic This is used to populate internal dataset information so that the dataset can also be used dynamically in an expression. Here dynamically means the dataset name can also be derived using an expression. For example for a given dataset name “allow_test” it can be used dynamically as client.ip.src.equals_any(“allow_” + http.req.url.path.get(1)). This cannot be used with default datasets.

Possible values: YES, NO Default value: NO

Example

set policy dataset data1 -dynamic yes

unbind policy dataset

Unbind string(s) from a dataset.

Synopsis

unbind policy dataset [-endRange ]

Arguments

name Name of the dataset from which to unbind the value.

value Value to unbind from the dataset.

endRange End value for a range to unbind. This is optional; just the start range value is sufficient to unbind a range. If specified, it must match the end range specified in the bind. It cannot be a subnet or used with a bound subnet.

Example

unbind policy dataset pat1 bar xyz

unset policy dataset

Use this command to remove policy dataset settings.Refer to the set policy dataset command for meanings of the arguments.

Synopsis

unset policy dataset [-dynamic]

bind policy dataset

Binds a value of the specified type to the dataset. If the first value is bound by using an index label, the other bind statements to that set should also provide an index. User can bind 50,000 values to a dataset. With the pattern set file, only 10,000 values can be bound. If the dataset is used in a streaming case, then only 5,000 values can be bound to that dataset. A dataset is used in a streaming case when it is used an HTTP body expression, a TCP payload expression, or the rewrite action search parameter. NOTE: With smaller number of values, user can see better performance at the configuration time.

Synopsis

bind policy dataset [-index ] [-endRange ] [-comment ]

Arguments

name Name of the dataset to which to bind the value.

value Value of the specified type that is associated with the dataset. For ipv4 and ipv6, value can be a subnet using the slash notation address/n, where address is the beginning of the subnet and n is the number of left-most bits set in the subnet mask, defining the end of the subnet. The start address will be masked by the subnet mask if necessary, for example for 192.128.128.0/10, the start address will be 192.128.0.0.

index The Index of the value associated with set. Minimum value: 1 Maximum value: 4294967290

endRange The dataset entry is a range from through , inclusive. endRange cannot be used if value is an ipv4 or ipv6 subnet and endRange cannot itself be a subnet.

comment Any comments to preserve information about this dataset or a data bound to this dataset.

Example

bind policy dataset ts1 192.168.20.1 -index 2

add policy dataset

Adds a policy dataset to the appliance. The patset file option can be used to bind the patterns contained in a file, which is imported from Citrix ADC or from an external location (please check import/add/update patsetfile). A dataset can be configured with at most one patsetfile!

Synopsis

add policy dataset \[-comment ] \[-patsetFile ] \[-dynamic \( YES | NO )]

Arguments

name Name of the dataset. Must not exceed 127 characters.

type Type of value to bind to the dataset.

Possible values: ipv4, number, ipv6, ulong, double, mac

comment Any comments to preserve information about this dataset or a data bound to this dataset.

patsetFile File which contains list of patterns that needs to be bound to the dataset. A patsetfile cannot be associated with multiple datasets.

dynamic This is used to populate internal dataset information so that the dataset can also be used dynamically in an expression. Here dynamically means the dataset name can also be derived using an expression. For example for a given dataset name “allow_test” it can be used dynamically as client.ip.src.equals_any(“allow_” + http.req.url.path.get(1)). This cannot be used with default datasets.

Possible values: YES, NO Default value: NO

Example

add policy dataset ts1 IPV4

show policy dataset

Display the configured dataset(s).

Synopsis

show policy dataset [] [-dynamicOnly]

Arguments

name Name of the dataset. Must not exceed 127 characters.

dynamicOnly Shows only dynamic datasets when set true. Default value: 0

Output

stateflag value Value of the specified type that is associated with the dataset. For ipv4 and ipv6, value can be a subnet using the slash notation address/n, where address is the beginning of the subnet and n is the number of left-most bits set in the subnet mask, defining the end of the subnet. The start address will be masked by the subnet mask if necessary, for example for 192.128.128.0/10, the start address will be 192.128.0.0.

endRange The dataset entry is a range from through , inclusive. endRange cannot be used if value is an ipv4 or ipv6 subnet and endRange cannot itself be a subnet.

index The index of the value (ipv4, ipv6, number) associated with the set.

type Type of value to bind to the dataset.

MaxIndex Maximum number of values bounded to dataset. The maxindex value will not be decreased when we unbind a value from the dataset. This field is used in auto-generated indexing type.

comment Any comments to preserve information about this dataset or a data bound to this dataset.

patsetFile File which contains list of patterns that needs to be bound to the dataset. A patsetfile cannot be associated with multiple datasets.

dynamic This is used to populate internal dataset information so that the dataset can also be used dynamically in an expression. Here dynamically means the dataset name can also be derived using an expression. For example for a given dataset name “allow_test” it can be used dynamically as client.ip.src.equals_any(“allow_” + http.req.url.path.get(1)). This cannot be used with default datasets.

devno count

Example

show policy dataset set1

policy-dataset