2 acl profile delete command – ZyXEL Communications IES-708-22A User Manual
Page 370
Chapter 55 ACL Commands
IES-708-22A User’s Guide
370
• vlan < vid > dmac
• smac < mac > dmac
• vlan < vid > priority
• etype
• vlan
• smac
• dmac
• priority
• protocol
• srcip
[srcport
where
•
etype
= Ethernet type (0~65535).
•
vlan
= VLAN ID (1~4094).
•
smac
= Source MAC address.
•
dmac
= Destination MAC address.
•
priority
<
priority
> = Priority (0 ~ 7)
•
protocol
<
protocol
> = Protocol type:
tcp
,
udp
,
ospf
,
igmp
,
ip
,
gre
,
icmp
or user
specified IP protocol number <0 ~ 255>.
•
srcip
= Source IP address and subnet mask (0~32).
•
dstip
= Destination IP address and subnet mask (0~32).
•
tos
= Sets the ToS (Type of Service) range between 0 and 255.
•
srcport
= Source port range (0~65535).
•
dstport
= Destination port range (0~65535).
The following guidelines apply to classifiers.
• You can apply one classifier for a protocol on a port’s PVC.
• You cannot create a classifier that contains matching criteria for layer 2 and layer 3 fields.
For example
switch acl profile set test protocol tcp vlan 15 deny
is
not allowed as protocol type and VLAN do not belong to the same network layer.
• Each type of criteria can only be used once in a classifier. For example,
profile acl
set test protocol tcp protocol udp deny
is not allowed. For this example,
you need to create a separate classifier for each protocol and apply them to the same
PVC(s).
The following example creates an ACL rule example named
test
for traffic from VLAN 10
with a priority level of 2. This rule limits the rate on the classified traffic to 1000 kbps and
changes the priority level to 7.
55.1.2 ACL Profile Delete Command
Syntax:
ras> switch acl profile delete
ras> switch acl profile set test vlan 10 priority 2 rate 1000 rpri 7