Chapter 54 ACL Commands
•smac < mac > dmac <mac>
•vlan < vid > priority <priority>
•etype <etype>
•vlan <vid>
•smac <mac>
•dmac <mac>
•priority <priority>
•protocol <protocol>
•srcip <ip>/<mask> [dstip <ip>/<mask> [tos <tos> [srcport <sport> <eport> [dstport <sport> <eport>]]]]
where
•etype <etype> = Ethernet type (0~65535).
•vlan <vid> = VLAN ID (1~4094).
•smac <mac> = Source MAC address.
•dmac <mac> = Destination MAC address.
•priority <priority> = Priority (0 ~ 7)
•protocol <protocol> = Protocol type: tcp, udp, ospf, igmp, ip, gre, icmp or user specified IP protocol number <0 ~ 255>.
•srcip <ip>/<mask> = Source IP address and subnet mask (0~32).
•dstip <ip>/<mask> = Destination IP address and subnet mask (0~32).
•tos <stos> <etos> = Sets the ToS (Type of Service) range between 0 and 255.
•srcport <sport> <eport> = Source port range (0~65535).
•dstport <sport> <eport> = Destination port range (0~65535).
The following guidelines apply to classifiers.
•You can apply one classifier for a protocol on a port’s PVC.
•You cannot create a classifier that contains matching criteria for layer 2 and layer 3 fields. For example switch acl profile set test protocol tcp vlan 15 deny is not allowed as protocol type and VLAN do not belong to the same network layer.
•Each type of criteria can only be used once in a classifier. For example, profile acl set test protocol tcp protocol udp deny is not allowed. For this example, you need to create a separate classifier for each protocol and apply them to the same PVC(s).
The following example creates an ACL rule example named test for traffic from VLAN 10 with a priority level of 2. This rule limits the rate on the classified traffic to 1000 kbps and changes the priority level to 7.
Figure 289 ACL Profile Set Command Example
ras> switch acl profile set test vlan 10 priority 2 rate 1000 rpri 7
400 |
| |
| ||
|
|
|