
4.8 IP Access Control List (ACL) Commands, 4.8.1 access-list – Kontron AT8901M CLI User Manual


AT8901M CLI Reference Manual, Quality of Service (QoS) Commands, Page 4 - 27

Mirror Interface: On Broadcom 5650x platforms, the slot/port to which packets matching this rule are copied.

Redirect Interface: On Broadcom 5650x platforms, the slot/port to which packets matching this rule are forwarded.

4.8 IP Access Control List (ACL) Commands

This section describes the commands you use to configure IP ACL settings. IP ACLs
ensure that only authorized users have access to specific resources and block any
unwarranted attempts to reach network resources.

The following rules apply to IP ACLs:

FASTPATH software does not support IP ACL configuration for IP packet fragments.

The maximum number of ACLs you can create is 100, regardless of type.

The maximum number of rules per IP ACL is hardware dependent.

On Broadcom 5630x platforms, if you configure a MAC ACL on an interface, you
cannot configure an IP ACL on the same interface.

Wildcard masking for ACLs operates differently from a subnet mask. A wildcard mask is in essence the inverse of a subnet mask. With a subnet mask, the mask has ones (1's) in the bit positions that are used for the network address, and has zeros (0's) for the bit positions that are not used. In contrast, a wildcard mask has zeros (0's) in the bit positions that must be checked. A '1' in a bit position of the ACL mask indicates that the corresponding bit can be ignored.
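The wildcard semantics described above, as an added example that is not part of the manual or of FASTPATH: it inverts a subnet mask, applies the "0 = check, 1 = ignore" rule to a packet address, and shows how much a rule over-matches when a subnet mask is typed where a wildcard mask is expected. All function names are hypothetical and the addresses are constructed sample values.

```python
import ipaddress

ALL_ONES = 0xFFFFFFFF

def _to_int(dotted: str) -> int:
    """Parse a dotted-quad IPv4 address or mask into a 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))

def wildcard_from_subnet(subnet_mask: str) -> str:
    """Invert a subnet mask bit by bit to get the equivalent wildcard mask."""
    return str(ipaddress.IPv4Address(_to_int(subnet_mask) ^ ALL_ONES))

def acl_matches(packet_ip: str, rule_ip: str, wildcard: str) -> bool:
    """Wildcard 0 bits must be equal in both addresses; 1 bits are ignored."""
    care = ~_to_int(wildcard) & ALL_ONES
    return (_to_int(packet_ip) & care) == (_to_int(rule_ip) & care)

def matched_address_count(wildcard: str) -> int:
    """Each ignored (1) bit doubles the number of addresses the rule covers."""
    return 2 ** bin(_to_int(wildcard)).count("1")

def looks_like_subnet_mask(mask: str) -> bool:
    """True when the 1 bits are contiguous from the left (255.255.255.0 style).

    Such a value in a wildcard position usually means the operator entered a
    subnet mask by mistake. Note that 255.255.255.255 is also flagged: it is a
    host subnet mask, but as a wildcard it ignores every bit.
    """
    value = _to_int(mask)
    inverted = ~value & ALL_ONES
    return value != 0 and (inverted & (inverted + 1)) == 0

if __name__ == "__main__":
    rule_ip = "192.168.10.0"  # constructed sample rule address
    for wildcard in ("0.0.0.255", "255.255.255.0"):
        print(f"rule {rule_ip} wildcard {wildcard}")
        print(f"  addresses covered : {matched_address_count(wildcard)}")
        print(f"  subnet-mask shape : {looks_like_subnet_mask(wildcard)}")
        for packet_ip in ("192.168.10.77", "192.168.11.77", "10.1.2.0"):
            print(f"  {packet_ip:15} -> {acl_matches(packet_ip, rule_ip, wildcard)}")
```

With the mistyped mask 255.255.255.0, the rule stops matching hosts in 192.168.10.0/24 and instead matches any address whose last octet is 0, which is why a review of ACL entries should flag masks that have the subnet-mask shape.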

4.8.1 access-list

This command creates an IP Access Control List (ACL) that is identified by the access list number, which is 1-99 for standard ACLs or 100-199 for extended ACLs. Table 2 describes the parameters for the access-list command.

IP Standard ACL:

Format: access-list <1-99> {deny | permit} {every | mask>} [log] [assign-queue ] [{mirror | redirect} <slot/port>]

Mode: Global Config

IP Extended ACL:

Format: access-list <100-199> {deny | permit} {every | icmp | igmp | ip | tcp | udp | } {any | } {any | eq { | <0-65535>} | } [eq { | <0-65535>}] [{precedence | tos | dscp }] [log] [assign-queue ] [{mirror | redirect} <slot/port>]

Mode: Global Config