Quality of Service (QoS) Commands 46
© 2001- 2006 Hirschmann Automation and Control GmbH. All Rights Reserved.
Action Displays the action associated with each rule. The possible values are permit or deny.
Source MAC Address Displays the source MAC address for this rule.
Source MAC Mask Displays the source MAC mask for this rule.
Destination MAC Address Displays the destination MAC address for this rule.
Destination MAC Mask Displays the destination MAC mask for this rule.
Ethertype Displays the Ethertype keyword or custom value for this rule.
VLAN ID Displays the VLAN identifier value or range for this rule.
COS Displays the COS (802.1p) value for this rule.
Assign Queue Displays the 802.1p user priority to which packets matching this rule are assigned.
Redirect Interface Displays the slot/port to which packets matching this rule are forwarded.
5.2 IP Access Control List (ACL) Commands
IP Access Control Lists (ACLs) ensure that only authorized users have access to specific resources
while blocking off any unwarranted attempts to reach network resources.
Note:
IP ACL configuration for IP packet fragments is not supported.
ACLs are supported in the inbound direction only.
The maximum number of ACLs of any type that can be created is 100.
The maximum number of rules per IP ACL is 10.
The maximum number of rules per interface is 20 (100 for Software Version L3P).
ACLs are configured separately for Layer 2 and Layer 3/Layer 4 and cannot be applied to the
same interface.
Wildcard masking for IP ACLs (srcmask, dstmask) operates differently from a subnet mask. A
wildcard mask is in essence the inverse of a subnet mask. With a subnet mask, the mask has
ones (1's) in the bit positions that are used for the network address, and has zeros (0's) for the
bit positions that are not used. In contrast, a wildcard mask has (0’s) in a bit position that must
be checked. A ‘1’ in a bit position of the ACL mask indicates the corresponding bit can be
ignored. The mask for the TOS value (tosmask) uses the common notation, i.e. the mask has
ones (1's) in the bit positions that must be checked.
5.2.1 access-list
This command creates an IP Access Control List (ACL) that is identified by the parameter
<
accesslistnumber>.
The IP ACL number (<accesslistnumber>) is an integer from 1 to 199. The
<
accesslistnumber> range 1 to 99 is for an IP standard ACL and the <accesslistnumber>
range 100 to 199 is for an IP extended ACL.
The IP ACL rule is specified with either a permit or deny action.
The protocol to filter for an IP ACL rule is specified by giving the protocol to be used like
icmp,igmp,ip,tcp,udp.
The command specifies a source ipaddress and source mask for match condition of the IP ACL rule
specified by the srcip and srcmask parameters.
To Next Page
Loading...
Need help?
General
