port-association-service-add

The Inline Service feature manages service chains for Layer 1 Virtual Wire switches. The term, Inline Services, refers to services attached to a Layer 1 Virtual Wire switch such as Next-Generation Firewall (NGFW), Intrusion Detection System (IDS), Intrusion Prevention System (IPS), and Distributed Denial of Service attack (DDoS) Prevention.

When an Inline Service fails, a policy determines if traffic is allowed to bypass the Inline Services or if the traffic is blocked until the Inline Services recovers.

This command is used to add a port association service.

Syntax   port-association-service-add

i

port-association-name name-string

Displays the name of the port association to apply the service.

switch name-string

Displays the switch name where the service is located.

inline-service inline-service-name

Displays the name of the Inline Service.

order number

Displays a number to designate the order of the service. This is a value between 1 and 65535

policy-action fail-open|fail-closed

Displays a policy action when the service fails on the network.

Defaults   None

Access   Network Administrator

History   Command introduced in Version 2.6.0.

Usage   Use this command to add a port association service.

Examples  To add a port association service on leaf1, inline-service, NGFW, order 1, and fail-policy fail-open, use the following syntax:

CLI network-admin@switch > port-association-service-add port-association-name CHAIN switch leaf1 inline-service NGFW order 1 fail-policy fail-open