Auses, see, Filtering and priority manipulation based on, 1p priority – Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual
Multi-Service IronWare Security Configuration Guide
53-1003035-02
Creating a numbered Layer-2 ACL table
The src-mac mask | any parameter specifies the source MAC address. You can enter a specific
address and a comparison mask or the keyword any to filter on all MAC addresses. Specify the
mask using Fs and zeros. For example, to match on the first two bytes of the address
aabb.ccdd.eeff, use the mask ffff.0000.0000. In this case, the clause matches all source MAC
addresses that contain “aabb” as the first two bytes and any values in the remaining bytes of the
MAC address. If you specify any, you do not need to specify a mask and the clause matches on all
MAC addresses.
The dest-mac mask | any parameter specifies the destination MAC address. The syntax rules are
the same as those for the src-mac mask | any parameter.
The optional vlan-id | any parameter specifies the vlan-id to be matched against the VLAN ID of the
incoming packet. You can specify any to ignore the vlan-id match.
The optional etype etype-str argument specifies the value that the Ethernet type field of the
incoming packet must have for a match to occur.
The etype-str variable can be one of the following keywords:
• IPv4-l5 (Etype=0x0800, IPv4, HeaderLen 20 bytes)
• ARP (Etype=0x0806, IP ARP)
• IPv6 (Etype=0x86dd, IP version 6)
• ANY – specify etype any to ignore Ethernet type field match.
NOTE
Filtering based on etype value is only supported for Layer-2 inbound ACLs. It is not supported
for Layer-2 outbound ACLs.
Use dscp-marking number to mark the DSCP value in the incoming packet with the value you
specify.
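The match rules described above, modelled as an added Python example for checking which frames an entry would cover during an ACL review. It is not Brocade code: the Clause class and the function names are hypothetical, and the sample MAC addresses in the usage are constructed.

```python
# Added example: models the documented match semantics; not vendor code.
from dataclasses import dataclass

ETYPES = {"ipv4-l5": 0x0800, "arp": 0x0806, "ipv6": 0x86DD}  # keywords from the guide
HEX = set("0123456789abcdef")


def mac_to_int(mac: str) -> int:
    """Parse dotted notation (aabb.ccdd.eeff) into a 48-bit integer."""
    groups = mac.lower().split(".")
    if len(groups) != 3 or any(len(g) != 4 or set(g) - HEX for g in groups):
        raise ValueError(f"expected xxxx.xxxx.xxxx, got {mac!r}")
    return int("".join(groups), 16)


def mac_matches(frame_mac: str, clause) -> bool:
    """clause is the keyword 'any' or an (address, mask) pair.

    Bits set to F in the mask are compared; zero bits are ignored.
    """
    if clause == "any":
        return True
    addr, mask = (mac_to_int(x) for x in clause)
    return (mac_to_int(frame_mac) & mask) == (addr & mask)


@dataclass
class Clause:  # hypothetical container for one entry's match fields
    src: object = "any"
    dst: object = "any"
    vlan: object = "any"
    etype: str = "any"
    inbound: bool = True

    def __post_init__(self):
        # Per the NOTE: etype filtering is supported on inbound Layer-2 ACLs only.
        if self.etype.lower() != "any" and not self.inbound:
            raise ValueError("etype match is not supported on outbound Layer-2 ACLs")

    def matches(self, src: str, dst: str, vlan: int, etype: int) -> bool:
        key = self.etype.lower()
        # IPv4-l5 also implies a 20-byte IPv4 header; that check is not modelled here.
        if key != "any" and etype != ETYPES[key]:
            return False
        return (mac_matches(src, self.src) and mac_matches(dst, self.dst)
                and self.vlan in ("any", vlan))
```

For example, Clause(src=("aabb.ccdd.eeff", "ffff.0000.0000"), etype="arp") matches an ARP frame from aabb.0011.2233 on any VLAN, and does not match the same frame sent from aabc.0011.2233.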
Parameters for regenerating Layer-2 ACL table sequence numbers
num                        Specifies the number of the Layer-2 ACL table to resequence
regenerate-seq-num [num]   (Optional) Specifies the initial sequence number for the access list
                           after regeneration. The valid range is from 1 through 214748364.
                           The default value is 10. ACL filter rule sequence numbers are
                           regenerated in steps of 10.
Filtering and priority manipulation based on 802.1p priority
With the Multi-Service IronWare software, Layer-2 ACL support has been provided for filtering and
priority manipulation based on a packet’s 802.1p priority using the following keywords.
The following priority options can be configured following the etype argument.
NOTE
The keywords priority and priority-force cannot be used together in an ACL entry.