206 MES3000 Ethernet switch series
Defines MAC address of the packet destination.
A bit mask applied to MAC
address of the packet
destination.
The mask defines the bits of the MAC address which should be
ignored. "1" should be written to all ignored bites. The mask is
used the same way as the source_wildcard mask.
VLAN subnetwork for packets filtering.
Class of service (CoS) for packets filtering.
A bit mask applied to the
class of service (CoS) of the
packets being filtered.
The mask defines the CoS bits which should be ignored. "1"
should be written to all ignored bites. For example, in order to
use CoS 6 and 7 in a filtration rule, the CoS field should have
value 6 or 7 and the mask field should have value 1 (the binary
form of 7 is 111, and 1 is 001; thus, the last bit will be ignored,
i. e. CoS may be 110 (6) or 111 (7)).
Range of values: 0–0xFFFF.
Ethernet type in hex form for the packets being filtered.
Disables the port which was used to send a packet fulfilling the
requirements of a deny command.
Enables message log registration when a packet is received
which corresponds to the record.
Name of the time-range
configuration profile
Defines configuration of time periods.
Byte offset from the key
point.
Specifies that the user templates list should be used for
packets recognition. Every ACL may have its own templates list
defined.
The index indicates position of the rule in a table. The lower
the index, the higher is the priority (1–2,147,483,647).
In order to select the whole range of parameters except dscp and ip-precedence, the any
parameter is used.
As soon as at least one record has been added to ACL, the last record is set by default to
deny any any. That means that all packets, which do not fulfil ACL requirements, will be
dropped.
Table 5.251 Configuration commands for MAC-based ACLs
permit
{any|{source source- wildcard}
{any|destination destination_wildcard}
[vlan vlan_id]
[cos cos cos_wildcard] [eth-type]
[time-range time_name] [index index]
[offset-list offset_list_name]
Adds a permit filtration record. Packets which fulfil the record's requirements
will be processed by the switch.
deny
{any|{source source- wildcard}
{any|{ destination destination_wildcard}}
[vlan vlan_id]
[cos cos cos_wildcard] [eth-type]
[time-range time_name]
[disable-port|log-input] [index index]
[offset-list offset_list_name]
Adds a deny filtration record. Packets which fulfil the record's requirements
will be blocked by the switch. If the disable-port keyword is specified, the
physical interface receiving the packet will be disabled.
If the log-input keyword is specified, the physical a message will be sent to the
system log.
offset-list offset_list_name { offset_base
offset mask value} …
Creates a user templates list with the name specified in the name field. The
name should contain from 1 to 32 characters.
One command may contain up to 13 templates (depends on the selected
system mode) having the following parameters:
offset_base—basic offset. Possible values:
L2—offset from the beginning of Ethernet frame
outer-tag—beginning of STAG offset
inner-tag—beginning of CTAG offset
src-mac—beginning of source MAC offset
dst-mac—beginning of destination MAC offset
To Next Page
Loading...
