Rule-Based IP Access Control Lists (ACLs)
December 2005 © Foundry Networks, Inc. 12 - 11
instead of the name, specify number 3.
• flash-override or 4 – The ACL matches packets that have the flash override precedence. If you specify the
option number instead of the name, specify number 4.
• immediate or 2 – The ACL matches packets that have the immediate precedence. If you specify the option
number instead of the name, specify number 2.
• internet or 6 – The ACL matches packets that have the internetwork control precedence. If you specify the
option number instead of the name, specify number 6.
• network or 7 – The ACL matches packets that have the network control precedence. If you specify the option
number instead of the name, specify number 7.
• priority or 1 – The ACL matches packets that have the priority precedence. If you specify the option number
instead of the name, specify number 1.
• routine or 0 – The ACL matches packets that have the routine precedence. If you specify the option number
instead of the name, specify number 0.
The tos <name> | <num> parameter of the ip access-list command specifies the IP ToS. You can specify one of
the following:
• max-reliability or 2 – The ACL matches packets that have the maximum reliability ToS. The decimal value
for this option is 2.
• max-throughput or 4 – The ACL matches packets that have the maximum throughput ToS. The decimal
value for this option is 4.
• min-delay or 8 – The ACL matches packets that have the minimum delay ToS. The decimal value for this
option is 8.
• min-monetary-cost or 1 – The ACL matches packets that have the minimum monetary cost ToS. The
decimal value for this option is 1.
NOTE: This value is not supported on 10 Gigabit Ethernet modules.
• normal or 0 – The ACL matches packets that have the normal ToS. The decimal value for this option is 0.
• <num> – A number from 0 – 15 that is the sum of the numeric values of the options you want. The ToS field
is a four-bit field following the Precedence field in the IP header. You can specify one or more of the following.
To select more than one option, enter the decimal value that is equivalent to the sum of the numeric values of
all the ToS options you want to select. For example, to select the max-reliability and min-delay options,
enter number 10. To select all options, select 15.
The dscp-cos-mapping option maps the DSCP value in incoming packets to a hardware table that provides
mapping of each of the 0 – 63 DSCP values, and distributes them among eight traffic classes (internal priorities)
and eight 802.1p priorities.
NOTE: The dscp-cos-mapping option overrides port-based priority settings.
The dscp-marking option enables you to configure an ACL that marks matching packets with a specified DSCP
value Enter a value from 0 – 63. See “Using an IP ACL to Mark DSCP Values (DSCP Marking)” on page 12-23.
The dscp-matching option matches on the packet’s DSCP value. Enter a value from 0 – 63. This option does not
change the packet’s forwarding priority through the device or mark the packet. See “DSCP Matching” on page 12-
24.
The log parameter enables SNMP traps and Syslog messages for packets denied by the ACL.
You can enable logging on ACLs and filters that support logging even when the ACLs and filters are already in use.
To do so, re-enter the ACL or filter command and add the log parameter to the end of the ACL or filter. The
software replaces the ACL or filter command with the new one. The new ACL or filter, with logging enabled, takes
effect immediately.
To Next Page
Loading...
Need help?
General
