beautypg.com

3 {deny | permit, Deny | permit} - 25 – Kontron AT890X Full-Size CLI User Manual

Page 191

background image

AT8901/2/3

Quality of Service (QoS) Commands

Page 4 - 25

AT8901/2/3 CLI Reference Manual

4.7.3

{deny | permit}

This command creates a new rule for the current MAC access list. Each rule is
appended to the list of configured rules for the list.

NOTE: The 'no' form of this command is not supported, since the rules within

a MAC ACL cannot be deleted individually. Rather, the entire MAC
ACL must be deleted and re-specified.

NOTE: An implicit 'deny all' MAC rule always terminates the access list.

NOTE: For BCM5630x and BCM5650x based systems, assign-queue, redi-

rect, and mirror attributes are configurable for a deny rule, but they
have no operational effect.

A rule may either deny or permit traffic according to the specified classification fields.
At a minimum, the source and destination MAC value must be specified, each of which
may be substituted using the keyword any to indicate a match on any value in that
field. The remaining command parameters are all optional, but the most frequently
used parameters appear in the same relative order as shown in the command format.

The Ethertype may be specified as either a keyword or a four-digit hexadecimal value
from 0x0600-0xFFFF. The currently supported

values are: appletalk,

arp, ibmsna, ipv4, ipv6, ipx, mplsmcast, mplsucast, netbios, novell, pppoe, rarp. Each
of these translates into its equivalent Ethertype value(s).

The vlan and cos parameters refer to the VLAN identifier and 802.1p user priority
fields, respectively, of the VLAN tag. For packets containing a double VLAN tag, this
is the first (or outer) tag.

The assign-queue parameter allows specification of a particular hardware queue for
handling traffic that matches this rule. The allowed value is 0-(n-1), where
n is the number of user configurable queues available for the hardware platform. The

assign-queue

parameter is valid only for a

permit

rule.

Table 1. Ethertype Keyword and 4-digit Hexadecimal Value

Ethertype Keyword

Corresponding Value

appletalk

0x809B

arp

0x0806

ibmsna

0x80D5

ipv4

0x0800

ipv6

0x86DD

ipx

0x8037

mplsmcast

0x8848

mplsucast

0x8847

netbios

0x8191

novell

0x8137, 0x8138

pppoe

0x8863, 0x8864

rarp

0x8035

See also other documents in the category Kontron Hardware: