Fujitsu P3NK-4452-01ENZD Computer Hardware User Manual


  Open as PDF
of 614
 
XG Series User's Guide Chapter 5 Command Reference
LAN Information Settings
187
Explanation Set the IP filter for the LAN interface.
The IP filter is used to transmit or reject packets that have matched the address, protocol,
TOS or DSCP value, port number, ICMP TYPE, and ICMP CODE specified in ACL.
Checking whether the conditions are satisfied or not according to the set priority, if a
packet that has satisfied those conditions is found, it is filtered, and the subsequent
setting will be ignored.
A packet that has not satisfied any conditions will be transmitted.
Caution
Note 1.
If none of "acl ip" definition exist on the access control list which has been specified by
<acl> or if the access control list specified by <acl> does not exist, the packets are not
filtered.
Note 2.
The packet filtering default value is "pass".
No packets are filtered if only "pass" is set in <action>.
[XG2600]
Note 3.
This command is unavailable if the allowable upper limit for the device is exceeded.
The allowable upper limits are as follows.
Upper limit based on "commands"
64 commands for the entire device.
Up to 64 commands can be set for the entire device, including the "ether macfilter",
"vlan macfilter", "lan ip filter", "ether qos aclmap", "vlan qos aclmap", "lan ip dscp"
commands.
The priority for each command is as follows.
1) "ether macfilter" command
A smaller Ethernet port number has a higher priority among Ethernet ports.
2) "vlan macfilter" command
A smaller VLAN ID has a higher priority among VLANs.
3) "lan ip filter" command
A smaller lan definition number has a higher priority among lans.
4) "ether qos aclmap" command
A smaller Ethernet port number has a higher priority among Ethernet ports.
5) "vlan qos aclmap" command
A smaller VLAN ID has a higher priority among VLANs.
6) "lan ip dscp" command
A smaller lan definition number has a higher priority among lans.
Upper limit based on "masks"
64 masks for the entire device.
Up to 64 masks can be set for the entire device, including the "ether macfilter", "vlan
macfilter", "lan ip filter", "ether qos aclmap", "vlan qos aclmap", "lan ip dscp", "vlan
protocol" commands.
The priority for each command is as follows.
1) "vlan protocol" commands
 previous next