Extended numbered ACL configuration

max-throughput or 4 – The ACL matches packets that have the maximum throughput ToS. The decimal value for this option is 4.

min-delay or 8 – The ACL matches packets that have the minimum delay ToS. The decimal value for this option is 8.

min-monetary-cost or 1 – The ACL matches packets that have the minimum monetary cost ToS. The decimal value for this option is 1.

normal or 0 – The ACL matches packets that have the normal ToS. The decimal value for this option is 0.

num – A number from 0 – 15 that is the sum of the numeric values of the options you want. The ToS field is a four-bit field following the Precedence field in the IP header. You can specify one or more of these options. To select more than one option, enter the decimal value that is equivalent to the sum of the numeric values of all the ToS options you want to select. For example, to select the max-reliability and min-delay options, enter number 10. To select all options, enter 15.
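The following Python sketch is an added example, not code from the Brocade guide. It computes the num value from option names, decodes a num back into names, and reads the same fields from a raw IPv4 header. The function names and the sample header are constructed for illustration, and the value 2 for max-reliability is inferred from the "enter number 10" example above.

```python
# ToS option values from the list above; max-reliability = 2 is inferred
# from the guide's example (max-reliability + min-delay = 10).
TOS_BITS = {
    "min-delay": 8,
    "max-throughput": 4,
    "max-reliability": 2,
    "min-monetary-cost": 1,
}

def tos_num(options):
    """Combine option names into the 0-15 number entered in the ACL."""
    num = 0
    for name in options:
        if name == "normal":
            continue  # normal is 0 and contributes nothing
        if name not in TOS_BITS:
            raise ValueError(f"unknown ToS option: {name}")
        num |= TOS_BITS[name]
    return num

def tos_names(num):
    """Decode a 0-15 number back into the option names it selects."""
    if not 0 <= num <= 15:
        raise ValueError("ToS num must be in the range 0-15")
    return [n for n, bit in TOS_BITS.items() if num & bit] or ["normal"]

def ip_header_fields(header: bytes):
    """Split the second IPv4 header byte into precedence, ToS num and DSCP."""
    if len(header) < 20 or header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    b = header[1]
    return {
        "precedence": b >> 5,    # top three bits
        "tos": (b >> 1) & 0x0F,  # four bits following the Precedence field
        "dscp": b >> 2,          # the same byte read as a DSCP value (0-63)
    }

# Constructed sample: a 20-byte IPv4 header whose second byte is 0x14.
SAMPLE = bytes.fromhex("4514003c 00004000 40060000 c0a80101 c0a80102")

if __name__ == "__main__":
    fields = ip_header_fields(SAMPLE)
    print(fields, tos_names(fields["tos"]))
```

Decoding a captured header this way shows which num (or DSCP value) an ACL entry would need in order to refer to that packet's marking.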

NOTE

The following QoS options are only available if a specific ICMP type is specified and cannot be used with the any-icmp-type option set for the icmp-type parameter. See “QoS options for IP ACLs” on page 114 for more information on using ACLs to perform QoS.

The 802.1p-priority-matching option inspects the 802.1p bit in the ACL that can be used with adaptive rate limiting. Enter a value from 0 – 7.

The dscp-cos-mapping option maps the DSCP value in incoming packets to a hardware table that provides mapping of each of the 0 – 63 DSCP values, and distributes them among eight traffic classes (internal priorities) and eight 802.1p priorities.

NOTE

The dscp-cos-mapping option overrides port-based priority settings.

NOTE

The dscp-cos-mapping option is not supported for Brocade ICX 6650 devices.

The dscp-marking option enables you to configure an ACL that marks matching packets with a specified DSCP value. Enter a value from 0 – 63. Refer to “Using an IP ACL to mark DSCP values (DSCP marking)” on page 115.

The dscp-matching option matches on the packet’s DSCP value. Enter a value from 0 – 63. This option does not change the packet’s forwarding priority through the device or mark the packet. Refer to “DSCP matching” on page 117.

The log parameter enables SNMP traps and Syslog messages for inbound packets denied by the ACL:

You can enable logging on inbound ACLs and filters that support logging even when the ACLs and filters are already in use. To do so, re-enter the ACL or filter command and add the log parameter to the end of the ACL or filter. The software replaces the ACL or filter command with the new one. The new ACL or filter, with logging enabled, takes effect immediately.

The traffic-policy option enables the device to rate limit inbound traffic and to count the packets and bytes per packet to which ACL permit or deny clauses are applied. For configuration procedures and examples, refer to the chapter “ACL-based Rate Limiting” on page 141.

Brocade ICX 6650 Security Configuration Guide

 

53-1002601-01
