MES53xx, MES33xx, MES23xx Ethernet Switch Series 181
filtered out. In order to add all MAC addresses beginning from
00:00:02:AA.xx.xx to a filtering rule, specify the mask
0.0.0.0.FF.FF. According to the mask the last 32 bits of the
MAC address will not be used in analysis.
Specify the destination MAC address of the packet.
A bit mask applied to the
destination MAC address of
the packet.
The mask specifies the bits of the MAC address which should
be ignored. “1” indicates an ignored bit. This mask is used
similarly to the source_wildcard mask.
VLAN subnetwork for packets filtering.
Class of service (CoS) for packets filtering.
A bit mask applied to the
class of service (CoS) of the
packets being filtered.
The mask specifies the bits of the CoS that should be ignored.
“1” indicates an ignored bit. For example, in order to use CoS 6
and 7 in a filtering rule, the CoS field should have value 6 or 7
and the mask field should have value 1 (the binary form of 7 is
111, and 1 is 001; thus, the last bit will be ignored, i. e. CoS can
be either 110 (6) or 111 (7)).
Ethernet type in hex form for the packets being filtered.
Disable the port when receiving a packet from it that satisfies
the conditions of a deny command.
Enable message logging upon receiving a packet that matches
the entry.
Name of the time-range
configuration profile
Specify configuration of time periods.
The index indicates position of the rule in the table. The lower
the index, the higher the priority (1 to 2,147,483,647).
In order to select the complete range of parameters except dscp and ip-precedence, use
As soon as at least one entry has been added to the ACL, the last entry is set by default to
the ACL conditions.
Table 5.209. MAC-based ACL configuration commands
permit {any | source source_wildcard}
{any | destination destination_wildcard}
[vlan vlan_id] [cos cos cos_wildcard]
[eth_type] [time-range time_name]
index]
Add a permit filtering entry. The packets that meet the entry's conditions will
be processed by the switch.
deny {any | source source_wildcard}
{any | destination destination_wildcard}
[vlan vlan_id] [cos cos cos_wildcard]
[eth_type] [time-range time_name]
[disable-port | log-input]
index]
Add a deny filtering entry. The packets that meet the entry's conditions will be
blocked by the switch. If the disable-port keyword is specified, the physical
interface receiving the packet will be disabled.
If the log-input keyword is specified, a message will be sent to the system log.
11.4 DoS attack protection configuration
This type of commands is used to block certain common types of DoS attacks.
Global configuration mode commands
Command line prompt in the global configuration mode is as follows:
console (config)#
To Next Page
Loading...
Need help?
General
