ACL Filter Policy Overview
474 Router Configuration Guide
• ssap— Entering an Ethernet 802.2 LLC SSAP value allows the filter to search for
matching frames with a source access point on the network node designated in the
source field of the packet. Operator can optionally configure a mask to be used in a
match.
• dsap— Entering an Ethernet 802.2 LLC DSAP value allows the filter to search for
matching frames with a destination access point on the network node designated in
the destination field of the packet. Operator can optionally configure a mask to be
used in a match.
• snap-oui— Entering an Ethernet IEEE 802.3 LLC SNAP OUI allows the filter to
search for matching frames with the specified the three-byte OUI field.
• snap-pid— Entering an Ethernet IEEE 802.3 LLC SNAP PID allows the filter to
search for the matching frames with the specified two-byte protocol ID that follows
the three-byte OUI field.
• isid — Entering an Ethernet IEEE 802.1ag ISID from the I-TAG value allows the
filter to search for the matching Ethernet frames with the 24 bits ISID value from the
PBB I-TAG. This match criterion is mutually exclusive with all the other match
criteria under a particular mac-filter policy and is applicable to MAC filters of type
isid only. The resulting mac-filter can only be applied on a BVPLS SAP or PW in the
egress direction.
• inner-tag/outer-tag — Entering inner-tag/outer-tag VLAN ID values allows the
filter to search for the matching Ethernet frames with the non-service delimiting tags
as described In “VID MAC filters” subsection later-on this. This match criterion is
mutually exclusive with all other match criteria under a particular mac-filter policy
and is applicable to MAC filters of type vid only.
Filter Policy Actions
The following lists actions supported by ACL filter policies
• drop — This action allows operators to deny traffic to ingress/egress the system
• forward — This action allows operators to permit traffic to ingress/egress the system
and be subject to regular processing
• rate-limit — This action allows operators to limit the rate of traffic ingressing the
system through IPv4, IPv6, or MAC filter policies. Packets matching the filter
condition are dropped when the traffic rate is above the configured rate limiter value,
and forwarded if the traffic rate is below the configured rate limiter value.
If multiple interfaces (including LAG interfaces) use the same rate-limit filter policy
on different FPs, the system will allocate a rate limiter resource for each FP; an
independent rate limit applies to each FP.
To Next Page
Loading...
