EasyManua.ls Logo

Supermicro SSE-F3548S - Creating IP Extended Acls for UDP Traffic

Supermicro SSE-F3548S
366 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide
242
SMIS(config-ext-nacl)# redirect fx 0/10 udp 172.20.20.0 255.255.255.0 host 172.20.0.1 eq 1000
8.3.12 Creating IP Extended ACLs for UDP Traffic
Follow the steps below to create an IP Extended ACL for TCP traffic.
Step
Command
Description
Step 1
configure terminal
Enters the configuration mode
Step 2
ip access-list extended{ <access-list-number(1-
32768)> | <access-list-name> }
Creates an IP Extended ACL using the
ip-access-list extended command.
access-list-numbercan be any
number from 1 to 32768
access-list-namecan be any name
string up to 32 characters.
Step 3
denyudp {any | host<src-ip-address> | <src-
ip-address><src-mask> } [{eq<port-number (0-
65535)> }] { any | host<dest-ip-address> |
<dest-ip-address><dest-mask> } [{eq<port-
number (0-65535)> }] [{tos<value (0-
255)>|dscp<value (0-63)>}] [
priority<short(1-255)>]
or
permitudp {any | host<src-ip-address> |
<src-ip-address><src-mask> } [{eq<port-
number (0-65535)> }] { any | host<dest-ip-
address> | <dest-ip-address><dest-mask> }
[{eq<port-number (0-65535)> }] [{tos<value
(0-255)>|dscp<value (0-63)>}] [
priority<short(1-255)>]
or
redirect<interface-type><interface-id>tcp {any |
host<src-ip-address> | <src-ip-address><src-
mask> } [{eq<port-number (0-65535)> }] {
any | host<dest-ip-address> | <dest-ip-
address><dest-mask> } [{eq<port-number (0-
65535)> }] [{tos<value (0-255)>|dscp<value
(0-63)>}] [ priority<short(1-255)>]
Configuresa deny, permit or redirect
ACL rule.
The source and destination IP
addresses can be provided with
keyword host.
The keyword anycan be used to refer to
any IP addresses.
To configure a network IP, address and
mask should be provided.
To apply this rule to packets with
specific UDP ports, userscan configure
either the source or destination UDP
ports.
The specific UDP port is provided with
the keyword eq.
To apply this rule to packets with
specific TOS values, use the keyword
tos and specify the TOS value to be
matched. User can specify any TOS
values from 0 to 255. The user provided
TOS value will be matched exactly
against the type of service byte on the
IPv4 header of the received packets.
Hence users have to provide the TOS
byte value combining the precedence
and type of service fields of IP header.
This TOS configuration is optional.
To apply this rule to packets with
specified DSCP values, use the keyword
dscp and the specific DSCP values to be

Table of Contents

Related product manuals