Kontron AT890X Full-Size CLI User Manual

Quality of Service (QoS) Commands

AT8901/2/3

AT8901/2/3 CLI Reference Manual

Page 4 - 28

Format

access-list

<1-99> {deny | permit} {every |

mask>} [log] [assign-queue ] [{mirror | redirect}
]

Mode

Global Config

IP Extended ACL:

Format

access-list <100-199> {deny | permit} {every | {{icmp |
igmp | ip | tcp | udp | } [{eq
{ | <0-65535>} [{eq {|
<0-65535>}] [precedence | tos
| dscp ] [log] [assign-queue ] [{mirror |
redirect} ]

Mode

Global Config

Table 2. ACL Command Parameters

Parameter

Description

<1-99> or <100-199>

Range 1 to 99 is the access list number for an IP standard ACL.
Range 100 to 199 is the access list number for an IP extended
ACL.

{deny | permit}

Specifies whether the IP ACL rule permits or denies an action.

Note: For 5630x and 5650x-based systems, assign-queue, redi-
rect, and mirror attributes are configurable for a deny rule, but
they have no operational effect.

every

Match every packet

{icmp | igmp | ip | tcp |
udp | }

Specifies the protocol to filter for an extended IP ACL rule.

Specifies a source IP address and source netmask for match
condition of the IP ACL rule.

[{eq { |
<0-65535>}]

Specifies the source layer 4 port match condition for the IP
ACL rule. You can use the port number, which ranges from 0-
65535, or you specify the

, which can be one of the

following keywords:

domain, echo, ftp, ftpdata,

http, smtp, snmp, telnet, tftp

, and

www

. Each of

these keywords translates into its equivalent port number,
which is used as both the start and end of a port range.

Specifies a destination IP address and netmask for match condi-
tion of the IP ACL rule.

[precedence
| tos |
dscp ]

Specifies the TOS for an IP ACL rule depending on a match of
precedence or DSCP values using the parameters

dscp

,

pre-

cedence

,

tos/tosmask

.

[log]

Specifies that this rule is to be logged.