Support User Manuals

Brocade Communications Systems RFS7000 Network Router User Manual

Open as PDF

of 839

460 Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Extended ACL config commands

14

Usage Guidelines

Marks traffic between networks/hosts based on the protocol type selected in the access list

configuration

Use the mark option to specify the type of service (tos) and priority value. The tos value is marked

in the IP header and the 802.1p priority value is marked in the dot1q frame.

The following types of protocols are supported:

• ip

• icmp

• tcp

• udp

Whenever the interface receives the packet, its content is checked against all ACEs in the ACL. It is

marked based on the ACL configuration

• Filtering protocol types TCP/UDP allow the user to specify port numbers as filtering criteria

• Select ICMP to allow/deny ICMP packets (selecting ICMP allows you to filter packets based on

the ICMP type and code

)

NOTE

The log option is functional only for router ACL’s. The log option provides an informational logging

message about the packet matching the entry sent to the console.

[tcp|udp]

[<source-IP/Mask>|any|ho

st <IP>] {eq

<source-port>|range

<starting-source-port>

<ending-source-port>}

[<dest-IP/Mask|any|host

<IP>] {eq <source-port>}

{range

<starting-source-port>

<ending-source-port>} {log}

{rule-precedence <1-5000>}

Use with the mark command to mark TCP or UDP packets

• deny – Rejects TCP or UDP packets

• tcp|udp – Specifies TCP or UDP as the protocol

• <source-IP/Mask>|any|host <IP> – The source is the

source IP address of the network or host (in dotted decimal

format). The source-mask is the network mask. For example,

10.1.1.10/24 indicates the first 24 bits of the source IP are

used for matching.

• any – any is an abbreviation for a source IP of 0.0.0.0, and

the source-mask bits are equal to 0

• host – host is an abbreviation for exact source (A.B.C.D) and

the source-mask bits equal to 32

• eq <source-port> – The source port <source-port> to match.

Values in the range 1 to 65535.

• range <starting-source-port> <ending-source-port> –

Specifies the protocol range (starting and ending protocol

numbers)

• <dest-IP/Mask|any|host <IP> – Defines the destination

host IP address or destination network address

• eq <source-port>} {range <starting-source-port>

<ending-source-port> – Specifies the destination port or

range of ports. Port values are in the range of 1 to 65535.

• log – Generates log messages when the packet coming from

the interface matches the ACL entry. Log messages are

generated only for router ACLs.

• rule-precedence <1-5000> – Defines an integer value

between 1-5000. This value sets the rule precedence in the

ACL.

previous next