Extreme 3804 User Guide
Using Access Control Lists
Summit24e3 Switch Installation and User Guide
99
create rate-limit <rule_name>
access-mask <access-mask name>
{dest-mac <dest_mac>}
{source-mac <src_mac>}
{vlan <name>}
{ethertype [IP | ARP | <hex_value>]}
{tos <ip_precedence>
| code-point <code_point>}
{ipprotocol
[tcp|udp|icmp|igmp|<protocol_num>]}
{dest-ip <dest_IP>/<mask length>}
{dest-L4port <dest_port>}
{source-ip <src_IP>/<mask length>}
{source-L4port <src_port> | {icmp-type
<icmp_type>} {icmp-code <icmp_code>}}
{egressport <port>}
{port <port number>}
permit {qosprofile <qosprofile>}
{set code-point <code_point>}
{set dot1p <dot1p_value>}
limit <rate_in_Mbps>
{exceed-action [drop
| set code-point <code_point>}
access-mask <access-mask name>
{dest-mac <dest_mac>}
{source-mac <src_mac>}
{vlan <name>}
{ethertype [IP | ARP | <hex_value>]}
{tos <ip_precedence>
| code-point <code_point>}
{ipprotocol
[tcp|udp|icmp|igmp|<protocol_num>]}
{dest-ip <dest_IP>/<mask length>}
{dest-L4port <dest_port>}
{source-ip <src_IP>/<mask length>}
{source-L4port <src_port> | {icmp-type
<icmp_type>} {icmp-code <icmp_code>}}
{egressport <port>}
{port <port number>}
permit {qosprofile <qosprofile>}
{set code-point <code_point>}
{set dot1p <dot1p_value>}
limit <rate_in_Mbps>
{exceed-action [drop
| set code-point <code_point>}
Creates a rate limit. The rule is applied to all
ingress packets. Options include:
ingress packets. Options include:
•
<rule_name>
— Specifies the rate limit
name. The name can be between 1 and 31
characters.
characters.
•
access-mask
— Specifies the associated
access mask. Any field specified in the
access mask must have a corresponding
value specified in the rate limit.
access mask must have a corresponding
value specified in the rate limit.
•
dest-mac
— Specifies the destination MAC
address.
•
source-mac
— Specifies the source MAC
address.
•
vlan
— Specifies the VLANid.
•
ethertype
— Specify IP, ARP, or the hex
value to match.
•
tos
— Specifies the IP precedence value.
•
code-point
— Specifies the DiffServ code
point value.
•
ipprotocol
— Specify an IP protocol, or
the protocol number
•
dest-ip
— Specifies the IP destination
address and subnet mask. A mask length of
32 indicates a host entry.
32 indicates a host entry.
•
dest-L4port
— Specify the destination
port.
•
source-ip
— Specifies the IP source
address and subnet mask.
•
source-L4port
— Specify the source port.
•
icmp-type
— Specify the ICMP type.
•
icmp-code
— Specify the ICMP code.
•
egressport
— Specify the egress port
•
port
— Specifies the ingress port to which
this rule is applied.
•
permit
— Specifies the packets that match
the access list description are permitted to be
forward by this switch. An optional QoS profile
can be assigned to the access list, so that the
switch can prioritize packets accordingly.
forward by this switch. An optional QoS profile
can be assigned to the access list, so that the
switch can prioritize packets accordingly.
•
set
— Modify the DiffServ code point or the
802.1p value for matching, forwarded,
packets.
packets.
•
limit
— Specifies the rate limit
•
<rate_in_Mbps>
— The rate limit. Allowed
values are 1-100 Mbps for 100BT ports, 8,
16, 24, 32... 1000 for the Gigabit ports
16, 24, 32... 1000 for the Gigabit ports
•
exceed-action
— Action to take for
matching packets that exceed the rate.
delete access-list <name>
Deletes an access list.
Table 25: Access Control List Configuration Commands (continued)
Command
Description