Fujitsu P3NK-4452-01ENZD Manuel D’Utilisation
XG Series User's Guide
Chapter 5 Command Reference
LAN Information Settings
187
Explanation
Set the IP filter for the LAN interface.
The IP filter is used to transmit or reject packets that have matched the address, protocol,
TOS or DSCP value, port number, ICMP TYPE, and ICMP CODE specified in ACL.
Checking whether the conditions are satisfied or not according to the set priority, if a
packet that has satisfied those conditions is found, it is filtered, and the subsequent
setting will be ignored.
A packet that has not satisfied any conditions will be transmitted.
The IP filter is used to transmit or reject packets that have matched the address, protocol,
TOS or DSCP value, port number, ICMP TYPE, and ICMP CODE specified in ACL.
Checking whether the conditions are satisfied or not according to the set priority, if a
packet that has satisfied those conditions is found, it is filtered, and the subsequent
setting will be ignored.
A packet that has not satisfied any conditions will be transmitted.
Caution
Note 1.
If none of "acl ip" definition exist on the access control list which has been specified by
<acl> or if the access control list specified by <acl> does not exist, the packets are not
filtered.
<acl> or if the access control list specified by <acl> does not exist, the packets are not
filtered.
Note 2.
The packet filtering default value is "pass".
No packets are filtered if only "pass" is set in <action>.
No packets are filtered if only "pass" is set in <action>.
[XG2600]
Note 3.
Note 3.
This command is unavailable if the allowable upper limit for the device is exceeded.
The allowable upper limits are as follows.
The allowable upper limits are as follows.
•
Upper limit based on "commands"
64 commands for the entire device.
Up to 64 commands can be set for the entire device, including the
64 commands for the entire device.
Up to 64 commands can be set for the entire device, including the
,
,
commands.
The priority for each command is as follows.
The priority for each command is as follows.
1)
command
A smaller Ethernet port number has a higher priority among Ethernet ports.
2)
command
A smaller VLAN ID has a higher priority among VLANs.
3)
A smaller lan definition number has a higher priority among lans.
4)
A smaller Ethernet port number has a higher priority among Ethernet ports.
5)
A smaller VLAN ID has a higher priority among VLANs.
6)
command
A smaller lan definition number has a higher priority among lans.
•
Upper limit based on "masks"
64 masks for the entire device.
Up to 64 masks can be set for the entire device, including the
64 masks for the entire device.
Up to 64 masks can be set for the entire device, including the
,
commands.
The priority for each command is as follows.
1)
commands