Brocade Communications Systems Brocade ICX 6650 6650 Manuel D’Utilisation
Brocade ICX 6650 Security Configuration Guide
117
53-1002601-01
ACL-based rate limiting
Syntax: access-list num(100-199) permit udp any any 802.1p-priority-marking priority value (0-7)
[internal-priority-marking value (0-7)]
In each of these examples, in the first command the internal-priority value is not specified, which
means it maintains a default value of 1 (equal to that of the 802.1p value).
means it maintains a default value of 1 (equal to that of the 802.1p value).
Using an ACL to change the forwarding queue
The 802.1p-priority-marking 0 – 7 parameter re-marks the packets of the 802.1Q traffic that match
the ACL with this new 802.1p priority, or marks the packets of the non-802.1Q traffic that match
the ACL with this 802.1p priority, later at the outgoing 802.1Q interface.
the ACL with this new 802.1p priority, or marks the packets of the non-802.1Q traffic that match
the ACL with this 802.1p priority, later at the outgoing 802.1Q interface.
The internal-priority-marking 0 – 7 parameter assigns traffic that matches the ACL to a specific
hardware forwarding queue (qosp0 – qosp7>.
hardware forwarding queue (qosp0 – qosp7>.
NOTE
The internal-priority-marking parameter overrides port-based priority settings.
The internal-priority-marking parameter overrides port-based priority settings.
In addition to changing the internal forwarding priority, if the outgoing interface is an 802.1Q
interface, this parameter maps the specified priority to its equivalent 802.1p (CoS) priority and
marks the packet with the new 802.1p priority. The complete CLI syntax for 802.1p priority marking
and internal priority marking is shown in
interface, this parameter maps the specified priority to its equivalent 802.1p (CoS) priority and
marks the packet with the new 802.1p priority. The complete CLI syntax for 802.1p priority marking
and internal priority marking is shown in
on page 96. The following shows the syntax specific to these
features.
Syntax: ... dscp-marking <0 – 63> 802.1p-priority-marking <0 – 7> internal-priority-marking <0 –
7>]
DSCP matching
The dscp-matching option matches on the packet DSCP value. This option does not change the
packet forwarding priority through the device or mark the packet.
packet forwarding priority through the device or mark the packet.
To configure an ACL that matches on a packet with DSCP value 29, enter a command such as the
following.
following.
Brocade(config)# access-list 112 permit ip 10.1.1.0 0.0.0.255 10.2.2.x 0.0.0.255
dscp-matching 29
dscp-matching 29
The complete CLI syntax for this feature is shown in
on page 96. The following shows the syntax
specific to this feature.
Syntax: ...dscp-matching <0 – 63>
NOTE
For complete syntax information, refer to
ACL-based rate limiting
ACL-based rate limiting provides the facility to limit the rate for IP traffic that matches the permit
conditions in extended IP ACLs. This feature is available in the Layer 2 and Layer 3 code.
conditions in extended IP ACLs. This feature is available in the Layer 2 and Layer 3 code.