beautypg.com

Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual

Page 132

background image

114

Multi-Service IronWare Security Configuration Guide

53-1003035-02

Configuring numbered and named ACLs

3

Using ACL QoS options to filter packets
You can filter packets based on their QoS values by entering values for the following parameters:

Parameters to mark the DSCP value in a packet
Specify the DSCP value to a packet by entering the following parameter:

Use dscp-marking number to mark the DSCP value in the incoming packet with the value you
specify. Dscp-marking is not supported on outbound ACLs.

Parameters for regenerating IPv4 ACL table sequence numbers

Parameters to bind standard ACLs to an interface
Use the ip access-group command to bind the ACL to an interface and enter the ACL number for
num.

Parameters to filter IP option packets
You can filter IP Option traffic based upon the content of the IP option field in the IP header.

NOTE

This feature is not supported on Brocade NetIron CES or Brocade NetIron CER devices.

tos name | num

Specify the IP ToS name or number.

NOTE

This parameter is not supported on Brocade NetIron CES or Brocade NetIron
CER devices.

You can specify one of the following:

max-reliability or 2 – The ACL matches packets that have the maximum
reliability ToS. The decimal value for this option is 2.

max-throughput or 4 – The ACL matches packets that have the
maximum throughput ToS. The decimal value for this option is 4.

min-delay or 8 – The ACL matches packets that have the minimum
delay ToS. The decimal value for this option is 8.

normal or 0 – The ACL matches packets that have the normal ToS. The
decimal value for this option is 0.

num – A number from 0 – 15 that is the sum of the numeric values of
the options you want. The ToS field is a four-bit field following the
Precedence field in the IP header. You can specify one or more of the
following. To select more than one option, enter the decimal value that
is equivalent to the sum of the numeric values of all the ToS options
you want to select. For example, to select the max-reliability and
min-delay options, enter number 10. To select all options, select 15.

dscp-mapping
number

The ACL matches packets on the DSCP value. This option does not change
the packet’s forwarding priority through the device or mark the packet.

num

Specifies the standard ACL number

regenerate-seq-num [num]

Specifies the initial sequence number for the access list after regeneration. The
valid range is from 1 through 214748364. The default value is 10. ACL filter rule
sequence numbers are regenerated in steps of 10.

See also other documents in the category Brocade Computer Accessories: