DGS-3610 Series Configuration Guide Chapter 44 Access Control List Configuration
DSAP (destination
service access point)
field
SSAP (source service
access point) field
IP header length and
reservation bits
Reservation bit and flags
bit
In the table above, the offset of each field is the same as that in the SNAP+tag 802.3 data
frame. In the user-defined access control list, the user can use two parameters, the rule
mask and offset, to abstract any byte from the first 64 bytes of the data frame, and then
compare it with the user defined rule to filter the matched data frame for corresponding
processing. The user defined rule can be some fixed attributes of the data. For example, the
user wants to filter all the TCP packets by defining the rule as 06, rule mask as FF and offset
as 35. Here, the rule mask and offset work together to abstract the contents of the TCP
protocol ID field in the received data frame, and compare it with the rule to filter all TCP
packets.
DGS-3610-26P does not support ACL80. ACL80 does not support the
function of matching packets of Ethernet, 803.3snap and 802.3llc. If the
value of matching DSAP to the cntl field is set to AAAA03, it indicates the
803.3snap packet is to be matched. If the value is set to E0E003, it
indicates that the 803.3llc packet is to be matched. The field cannot be
matched for Ethernet packets.
Precautions for configuration:
Only 16 bytes can be matched at will for ACL80. If the resource is occupied, you cannot
match any other byte. For example,
DGS-3610(config)# expert access-list advanced name
DGS-3610(config-exp-dacl)#permit 11223344556677889900aabbccd
deeff ffffffffffffffffffffffffffffffff 50
Add another ACE:
DGS-3610(config-exp-dacl)#permit 11223344556677889900aabbccd
To Next Page
Loading...
Need help?
General