Brocade Communications Systems Brocade ICX 6650 6650 Manual De Usuario
94
Brocade ICX 6650 Security Configuration Guide
53-1002601-01
Extended numbered ACL configuration
•
max-throughput or 4 – The ACL matches packets that have the maximum throughput ToS. The
decimal value for this option is 4.
decimal value for this option is 4.
•
min-delay or 8 – The ACL matches packets that have the minimum delay ToS. The decimal
value for this option is 8.
value for this option is 8.
•
min-monetary-cost or 1 – The ACL matches packets that have the minimum monetary cost
ToS. The decimal value for this option is 1.
ToS. The decimal value for this option is 1.
-
normal or 0 – The ACL matches packets that have the normal ToS. The decimal value for
this option is 0.
this option is 0.
-
num – A number from 0 – 15 that is the sum of the numeric values of the options you
want. The ToS field is a four-bit field following the Precedence field in the IP header. You
can specify one or more of the following. To select more than one option, enter the decimal
value that is equivalent to the sum of the numeric values of all the ToS options you want to
select. For example, to select the max-reliability and min-delay options, enter number 10.
To select all options, select 15.
want. The ToS field is a four-bit field following the Precedence field in the IP header. You
can specify one or more of the following. To select more than one option, enter the decimal
value that is equivalent to the sum of the numeric values of all the ToS options you want to
select. For example, to select the max-reliability and min-delay options, enter number 10.
To select all options, select 15.
NOTE
The following QoS options are only available if a specific ICMP type is specified and cannot be used
with the any-icmp-type option set for the icmp-type parameter. See
The following QoS options are only available if a specific ICMP type is specified and cannot be used
with the any-icmp-type option set for the icmp-type parameter. See
page 114 for more information on using ACLs to perform QoS.
The 802.1p-priority-matching option inspects the 802.1p bit in the ACL that can be used with
adaptive rate limiting. Enter a value from 0 – 7.
adaptive rate limiting. Enter a value from 0 – 7.
The dscp-cos-mapping option maps the DSCP value in incoming packets to a hardware table that
provides mapping of each of the 0 – 63 DSCP values, and distributes them among eight traffic
classes (internal priorities) and eight 802.1p priorities.
provides mapping of each of the 0 – 63 DSCP values, and distributes them among eight traffic
classes (internal priorities) and eight 802.1p priorities.
NOTE
The dscp-cos-mapping option overrides port-based priority settings.
NOTE
The dscp-cos-mapping option is not supported for Brocade ICX 6650 devices.
The dscp-cos-mapping option is not supported for Brocade ICX 6650 devices.
The dscp-marking option enables you to configure an ACL that marks matching packets with a
specified DSCP value. Enter a value from 0 – 63. Refer to
specified DSCP value. Enter a value from 0 – 63. Refer to
The dscp-matching option matches on the packet’s DSCP value. Enter a value from 0 – 63. This
option does not change the packet’s forwarding priority through the device or mark the packet.
Refer to
option does not change the packet’s forwarding priority through the device or mark the packet.
Refer to
The log parameter enables SNMP traps and Syslog messages for inbound packets denied by the
ACL:
ACL:
•
You can enable logging on inbound ACLs and filters that support logging even when the ACLs
and filters are already in use. To do so, re-enter the ACL or filter command and add the log
parameter to the end of the ACL or filter. The software replaces the ACL or filter command with
the new one. The new ACL or filter, with logging enabled, takes effect immediately.
and filters are already in use. To do so, re-enter the ACL or filter command and add the log
parameter to the end of the ACL or filter. The software replaces the ACL or filter command with
the new one. The new ACL or filter, with logging enabled, takes effect immediately.
The traffic-policy option enables the device to rate limit inbound traffic and to count the packets
and bytes per packet to which ACL permit or deny clauses are applied. For configuration
procedures and examples, refer to the chapter
and bytes per packet to which ACL permit or deny clauses are applied. For configuration
procedures and examples, refer to the chapter