Netgear XCM8806 - 8800 SERIES 6-SLOT CHASSIS SWITCH User Manual
Chapter 13. ACLs
NETGEAR 8800 User Manual
Policy file syntax checker
The following rules are used to evaluate fragmented packets or rules that use the fragments or first-fragments keywords.
With no keyword specified, processing proceeds as follows:
• An L3-only rule that does not contain the first-fragments keyword matches any IP packet.
• An L4 rule that does not contain the first-fragments keyword matches non-fragmented or initial-fragment packets.
With the first-fragments keyword specified:
• An L3-only rule with the first-fragments keyword matches non-fragmented or initial-fragment packets.
• An L4 rule with the first-fragments keyword matches non-fragmented or initial-fragment packets.
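The fragment rules above can be checked against real IPv4 header bits. The following Python sketch is an added example, not part of the NETGEAR manual or the switch software; the rule labels and function names are hypothetical, and the headers are constructed samples.

```python
import struct

def fragment_kind(ipv4_header: bytes) -> str:
    """Classify an IPv4 header as 'unfragmented', 'initial' or 'non-initial'."""
    if len(ipv4_header) < 20 or ipv4_header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    (flags_offset,) = struct.unpack_from("!H", ipv4_header, 6)
    more_fragments = bool(flags_offset & 0x2000)  # MF flag
    offset = flags_offset & 0x1FFF                # fragment offset, 8-byte units
    if offset:
        return "non-initial"
    return "initial" if more_fragments else "unfragmented"

def rule_can_match(uses_l4: bool, first_fragments: bool, kind: str) -> bool:
    """Apply the four fragment rules from the text; other match conditions
    (addresses, ports) are not evaluated here."""
    if kind in ("unfragmented", "initial"):
        return True  # every rule type sees these packets
    # Non-initial fragment: only an L3-only rule without the keyword matches.
    return not uses_l4 and not first_fragments

def constructed_header(more_fragments: bool, offset_units: int) -> bytes:
    """Build a 20-byte IPv4 header (constructed sample, checksum left at 0)."""
    flags_offset = (0x2000 if more_fragments else 0) | (offset_units & 0x1FFF)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0x1234, flags_offset,
                       64, 6, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))

RULES = {  # hypothetical labels -> (uses L4 conditions, has first-fragments)
    "l3_only": (False, False),
    "l4": (True, False),
    "l3_only_first_fragments": (False, True),
    "l4_first_fragments": (True, True),
}

def evaluate(ipv4_header: bytes) -> dict:
    """Return which rule types can match this packet."""
    kind = fragment_kind(ipv4_header)
    return {name: rule_can_match(l4, ff, kind) for name, (l4, ff) in RULES.items()}

if __name__ == "__main__":
    for mf, off in [(False, 0), (True, 0), (True, 185), (False, 370)]:
        hdr = constructed_header(mf, off)
        print(fragment_kind(hdr), evaluate(hdr))
```

A non-initial fragment is matched only by an L3-only rule without the keyword, so a policy that relies solely on L4 rules never evaluates trailing fragments.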
Layer-2 Protocol Tunneling ACLs
Three ACL match conditions and one ACL action interoperate with vendor-proprietary Layer-2 protocol tunneling.
The following fields within 802.3 Subnetwork Access Protocol (SNAP) and LLC formatted packets can be matched:
• Destination service access point (SAP)
• Source SAP
The following field can be matched within Subnetwork Access Protocol (SNAP) packets only:
• SNAP type
The following ACL action is added to the specified switches:
• Replacement of the Ethernet MAC destination address
This action replaces the destination MAC address of any matching Layer-2 forwarded packets on the supported platforms. This action can be used to effectively tunnel protocol packets, such as STP, across a network by replacing the well-known protocol MAC address with a different proprietary or otherwise unique MAC address. After tunnel egress, the MAC destination address can be reverted back to the well-known MAC address.
Note: The “replace-ethernet-destination-address” action applies only to Layer-2 forwarded packets.