MES3000 Ethernet switch series
deny tcp {any | source_prefix/length} {any | source_port} {any | destination_prefix/length} {any | destination_port} [dscp dscp | precedence precedence] [match-all list_of_flags] [time-range time_name] [disable-port | log-input] [offset-list offset_list_name]
Adds a deny filtration record for TCP. Packets that match the record's
requirements will be blocked by the switch. If the disable-port keyword is
specified, the physical interface receiving the packet will be disabled. If
the log-input keyword is specified, a message will be sent to the system log.
deny udp {any | source_prefix/length} {any | source_port} {any | destination_prefix/length} {any | destination_port} [dscp dscp | precedence precedence] [match-all list_of_flags] [time-range time_name] [disable-port | log-input] [offset-list offset_list_name]
Adds a deny filtration record for UDP. Packets that match the record's
requirements will be blocked by the switch. If the disable-port keyword is
specified, the physical interface receiving the packet will be disabled. If
the log-input keyword is specified, a message will be sent to the system log.
offset-list offset_list_name {offset_base offset mask value} …
Creates a list of user templates with the specified name.
The name should contain from 1 to 32 characters.
One command may contain up to 13 templates (depending on the selected
system mode), each with the following parameters:
offset_base—base offset. Possible values:
L3—beginning of the IPv6 header, L4—end of the IPv6 header.
offset—byte offset within a packet, counted from the base offset.
mask—mask. Only those bits of the byte that have "1" in the mask
are analyzed.
value—the specified value.
no offset-list offset_list_name
Removes a previously created list.
5.29.3 MAC ACL Configuration
This section describes the main parameters used in MAC ACL configuration
commands and their values.
To create a MAC ACL and enter its configuration mode, use the following command: mac
access-list extended access-list. For example, to create a MAC ACL named MESmac, execute the
following commands:
console#
console# configure
console(config)# mac access-list extended MESmac
console(config-mac-al)#
Table 5.250 Main parameters of commands
Creates a permitting filtration rule in the ACL.
Creates a denying filtration rule in the ACL.
Defines the address of the packet source.
A bit mask applied to the MAC address of the packet source.
The mask defines the bits of the MAC address which should be
ignored. "1" should be written to all ignored bits. For
example, the mask can be used to define a MAC range for a
filtration rule. To add all MAC addresses beginning
with 00:00:02:AA.xx.xx to a filtration rule, the 0.0.0.0.FF.FF
mask should be specified. According to the mask the last 32
bits of MAC address will not be used in analysis.
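
The following is an added example, not part of the manual: a Python model of the mask comparison described above, for checking which source addresses a MAC ACL rule covers before it is applied. It assumes that "1" bits in the mask are ignored and all other bits must match, as the text states; the function names and the sample addresses are constructed for illustration.

```python
import re

FULL = 0xFFFFFFFFFFFF  # 48 bits of a MAC address

def parse_mac(text):
    """Parse six hex bytes separated by ':', '.' or '-' (e.g. 0.0.0.0.FF.FF)."""
    parts = re.split(r"[:.\-]", text.strip())
    if len(parts) != 6:
        raise ValueError(f"expected 6 bytes, got {len(parts)}: {text!r}")
    value = 0
    for part in parts:
        if not re.fullmatch(r"[0-9A-Fa-f]{1,2}", part):
            raise ValueError(f"bad byte {part!r} in {text!r}")
        value = (value << 8) | int(part, 16)
    return value

def format_mac(value):
    return ":".join(f"{(value >> s) & 0xFF:02X}" for s in range(40, -8, -8))

def rule_matches(address, wildcard, candidate):
    """True if candidate equals address on every bit the mask does not ignore."""
    care = ~parse_mac(wildcard) & FULL
    return (parse_mac(address) & care) == (parse_mac(candidate) & care)

def covered_range(address, wildcard):
    """Lowest and highest MAC address the rule can match."""
    addr, wild = parse_mac(address), parse_mac(wildcard)
    low = addr & ~wild & FULL
    return format_mac(low), format_mac(low | wild)

def is_contiguous(wildcard):
    """A mask describes one unbroken range only if its 1-bits are all trailing."""
    wild = parse_mac(wildcard)
    return (wild & (wild + 1)) == 0

if __name__ == "__main__":
    # Constructed rule based on the mask example in the text above.
    rule = ("00:00:02:AA:00:00", "0.0.0.0.FF.FF")
    print("covers", covered_range(*rule))
    for mac in ("00:00:02:AA:12:34", "00:00:02:AB:12:34"):
        print(mac, "matches" if rule_matches(*rule, mac) else "does not match")
    # A mask with a gap matches scattered addresses, not a single range.
    print(is_contiguous("0.0.0.0.FF.FF"), is_contiguous("0.0.0.FF.0.FF"))
```

Running a rule through covered_range and is_contiguous before entering it helps catch a mask that admits more source addresses than intended.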