Using Access Control Lists
Summit24e3 Switch Installation and User Guide 103
Figure 16: Permit-established access list filters out SYN packet to destination
Example 2: Filter ICMP Packets
This example creates an access list that filters out ping (ICMP echo) packets. ICMP echo packets are
defined as type 8 code 0.
The commands to create this access control list is as follows:
create access-mask icmp_mask ipprotocol icmp-type icmp-code
create access-list denyping icmp_mask ipprotocol icmp icmp-type 8 icmp-code 0 deny
The output for this access list is shown in Figure 17.
Figure 17: ICMP packets are filtered out
Example 3: Rate-limiting Packets
This example creates a rate limit to limit the incoming traffic from the 10.10.10.x subnet to 10 Mbps on
ingress port 2. Ingress traffic on port 2 below the rate limit is sent to QoS profile qp1 with its DiffServ
code point set to 7. Ingress traffic on port 2 in excess of the rate limit will be dropped.
The commands to create this rate limit is as follows:
create access-mask port2_mask source-ip/24 ports precedence 100
create rate-limit port2_limit port2_mask source-ip 10.10.10.0/24 port 2 permit qp1 set
code-point 7 limit 10 exceed-action drop
EW_037
10.10.10.100 10.10.20.100
SYN
SYN
EW_089
10.10.10.1
10.10.10.100 10.10.20.100
10.10.20.1
NET20 VLANNET10 VLAN
ICMP
To Next Page
Loading...
Need help?
General
