Brocade FastIron Ethernet Switch Security Configuration Guide User Manual

Page 162

TABLE 13 Syntax descriptions (Continued)

IPv6 ACL arguments | Description

tcp-udp-operator

The tcp-udp-operator parameter can be one of the following:

eq - The policy applies to the TCP or UDP port name or number you enter after eq.

gt - The policy applies to TCP or UDP port numbers greater than the port number or the numeric equivalent of the port name you enter after gt. Enter "?" to list the port names.

lt - The policy applies to TCP or UDP port numbers that are less than the port number or the numeric equivalent of the port name you enter after lt.

neq - The policy applies to all TCP or UDP port numbers except the port number or port name you enter after neq.

range - The policy applies to all TCP port numbers that are between the first TCP or UDP port name or number and the second one you enter following the range parameter. The range includes the port names or numbers you enter. For example, to apply the policy to all ports between and including 23 (Telnet) and 53 (DNS), enter the following: range 23 53. The first port number in the range must be lower than the last number in the range.

The source-port number and destination-port-number for the tcp-udp-operator is the number of the port.

ipv6-operator

Allows you to filter the packets further by using one of the following options:

dscp - The policy applies to packets that match the traffic class value in the traffic class field of the IPv6 packet header. This operator allows you to filter traffic based on TOS or IP precedence. You can specify a value from 0 - 63.

fragments - The policy applies to fragmented packets that contain a non-zero fragment offset.

NOTE
This option is not applicable to filtering based on source or destination port, TCP flags, and ICMP flags.

routing - The policy applies only to IPv6 source-routed packets.

NOTE
This option is not applicable to filtering based on source or destination port, TCP flags, and ICMP flags.

802.1p-priority-matching number

Enables the device to match only those packets that have the same 802.1p priorities as specified in the ACL. Enter 0 - 7.

Use this option in conjunction with traffic policies to rate limit traffic for a specified 802.1p priority value. For details, refer to the "Inspecting the 802.1p bit in the ACL for adaptive rate limiting" section in the FastIron Ethernet Switch Traffic Management Guide.

dscp-marking number

Use the dscp-marking number parameter to specify a new QoS value to the packet. If a packet matches the filters in the ACL statement, this parameter assigns the DSCP value that you specify to the packet. Enter 0 - 63.
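
The constraints in this table (inclusive range bounds, the ordering rule for range, the 0 - 63 and 0 - 7 value limits, and the note that fragments and routing do not apply to port-based filtering) can be checked mechanically when reviewing an ACL. The following Python is an added example, not part of the Brocade guide; the dictionary layout for an ACL entry and the names port_matches and lint_entry are assumptions made for illustration.

```python
# Added example (not from the Brocade guide): a model of the Table 13 rules.
# The dict layout used for an ACL entry is an assumption for illustration.

def port_matches(op, operands, port):
    """Return True if `port` is selected by a tcp-udp-operator clause."""
    if op == "range":
        low, high = operands
        return low <= port <= high          # range includes both endpoints
    (value,) = operands
    return {"eq": port == value, "gt": port > value,
            "lt": port < value, "neq": port != value}[op]

def lint_entry(entry):
    """Return a list of problems found in one ACL entry (empty list = clean)."""
    problems = []
    port = entry.get("port")                # e.g. ("range", 23, 53) or ("eq", 23)
    if port:
        op, *operands = port
        expected = 2 if op == "range" else 1
        if op not in ("eq", "gt", "lt", "neq", "range"):
            problems.append(f"unknown tcp-udp-operator {op!r}")
        elif len(operands) != expected:
            problems.append(f"{op} takes {expected} port value(s)")
        elif op == "range" and operands[0] >= operands[1]:
            problems.append("range: first port must be lower than the last")
    # Value limits stated in the table: DSCP 0 - 63, 802.1p priority 0 - 7.
    for key, top in (("dscp", 63), ("dscp_marking", 63), ("dot1p", 7)):
        value = entry.get(key)
        if value is not None and not 0 <= value <= top:
            problems.append(f"{key} must be 0 - {top}, got {value}")
    # Per the NOTEs: fragments and routing do not apply to port-based filters.
    for flag in ("fragments", "routing"):
        if entry.get(flag) and port:
            problems.append(f"{flag} is not applicable with port filtering")
    return problems

# Constructed sample entries, not taken from any real configuration.
SAMPLES = [
    {"port": ("range", 23, 53)},
    {"port": ("range", 53, 23)},
    {"port": ("eq", 23), "fragments": True},
    {"dscp": 64, "dot1p": 3},
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", lint_entry(sample) or "ok")
    print([p for p in (22, 23, 53, 54) if port_matches("range", (23, 53), p)])
```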

IPv6 ACLs

FastIron Ethernet Switch Security Configuration Guide

53-1003088-03