Figure 289 acl profile set command example – ZyXEL Communications IES-612-51A User Manual
Page 400
Chapter 54 ACL Commands
IES-612-51A User’s Guide
400
• smac < mac > dmac
• vlan < vid > priority
• etype
• vlan
• smac
• dmac
• priority
• protocol
• srcip
where
•
etype
= Ethernet type (0~65535).
•
vlan
= VLAN ID (1~4094).
•
smac
= Source MAC address.
•
dmac
= Destination MAC address.
•
priority
<
priority
> = Priority (0 ~ 7)
•
protocol
<
protocol
> = Protocol type:
tcp
,
udp
,
ospf
,
igmp
,
ip
,
gre
,
icmp
or user
specified IP protocol number <0 ~ 255>.
•
srcip
= Source IP address and subnet mask (0~32).
•
dstip
= Destination IP address and subnet mask (0~32).
•
tos
= Sets the ToS (Type of Service) range between 0 and 255.
•
srcport
= Source port range (0~65535).
•
dstport
= Destination port range (0~65535).
The following guidelines apply to classifiers.
• You can apply one classifier for a protocol on a port’s PVC.
• You cannot create a classifier that contains matching criteria for layer 2 and layer 3 fields.
For example
switch acl profile set test protocol tcp vlan 15 deny
is
not allowed as protocol type and VLAN do not belong to the same network layer.
• Each type of criteria can only be used once in a classifier. For example,
profile acl
set test protocol tcp protocol udp deny
is not allowed. For this example,
you need to create a separate classifier for each protocol and apply them to the same
PVC(s).
The following example creates an ACL rule example named
test
for traffic from VLAN 10
with a priority level of 2. This rule limits the rate on the classified traffic to 1000 kbps and
changes the priority level to 7.
Figure 289 ACL Profile Set Command Example
ras> switch acl profile set test vlan 10 priority 2 rate 1000 rpri 7