Kontron AT8404 CLI Reference Manual
Quality of Service (QoS) Commands
Page 3-30

3.8 IP Access Control List (ACL) Commands

This section describes the commands you use to configure IP ACL settings. IP ACLs ensure that only authorized
users have access to specific resources and block any unwarranted attempts to reach network resources.

The following rules apply to IP ACLs:

FASTPATH software does not support IP ACL configuration for IP packet fragments.

The maximum number of ACLs you can create is hardware dependent. The limit applies to all ACLs, regardless
of type.

The maximum number of rules per IP ACL is hardware dependent.

On Broadcom 5630x platforms, if you configure a MAC ACL on an interface, you cannot configure an IP ACL
on the same interface.

Wildcard masking for ACLs operates differently from a subnet mask. A wildcard mask is in essence the inverse
of a subnet mask. With a subnet mask, the mask has ones (1's) in the bit positions that are used for the network
address, and has zeros (0's) for the bit positions that are not used. In contrast, a wildcard mask has zeros (0's) in
the bit positions that must be checked. A one (1) in a bit position of the ACL mask indicates that the corresponding
bit can be ignored.

3.8.1 access-list

This command creates an IP Access Control List (ACL) that is identified by the access list number, which is 1-99 for
standard ACLs or 100-199 for extended ACLs.

Table 2 describes the parameters for the access-list command.

IP Standard ACL:

IP Extended ACL:

Assign Queue          The queue identifier to which packets matching this rule are assigned.
Mirror Interface      On Broadcom 5650x platforms, the slot/port to which packets matching this rule are copied.
Redirect Interface    On Broadcom 5650x platforms, the slot/port to which packets matching this rule are forwarded.

Format    access-list <1-99> {deny | permit} {every | } [log] [assign-queue ] [{mirror | redirect} ]

Mode      Global Config

Format    access-list <100-199> {deny | permit} {every | {{icmp | igmp | ip | tcp | udp | } [{eq { | <0-65535>} [{eq {| <0-65535>}] [precedence | tos | dscp ] [log] [assign-queue ] [{mirror | redirect} ]

Mode      Global Config

Term                  Definition
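The following Python is an added illustration, not code from the Kontron manual or from FASTPATH. It models two things the section describes: the wildcard-mask semantics of section 3.8 (a 0 bit must match, a 1 bit is ignored, and the mask is the inverse of a subnet mask), and first-match evaluation of rules written in the standard `access-list <1-99> {deny | permit} {every | ...} [log] [assign-queue ...] [{mirror | redirect} ...]` form above. Two assumptions are not stated on this page and are labelled as such in the code: that the two values after `every |` in the standard form are a source IP address and a wildcard mask, and that a packet matching no rule is dropped (an implicit deny). The ACL lines and addresses are constructed sample input.

```python
import ipaddress

# Added example (not from the Kontron manual or FASTPATH). Models the wildcard-mask
# semantics of section 3.8 and the standard access-list form.
# ASSUMPTIONS not stated on the page: the two values after "every |" are a source
# IP and a wildcard mask; an ACL ends in an implicit deny.

MASK32 = 0xFFFFFFFF


def wildcard_from_subnet_mask(subnet_mask: str) -> str:
    """Invert a dotted subnet mask into ACL wildcard form (0 = must match, 1 = ignored)."""
    m = int(ipaddress.IPv4Address(subnet_mask))
    return str(ipaddress.IPv4Address(m ^ MASK32))


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """True if every bit the wildcard marks as 'check' (0) is equal in addr and base."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = int(ipaddress.IPv4Address(wildcard)) ^ MASK32  # bits that must be checked
    return (a & care) == (b & care)


def parse_standard_acl_rule(line: str) -> dict:
    """Parse one standard access-list line into a rule dict; raise ValueError on bad syntax."""
    tokens = line.split()
    if len(tokens) < 4 or tokens[0] != "access-list":
        raise ValueError(f"not an access-list command: {line!r}")
    acl_id = int(tokens[1])
    if not 1 <= acl_id <= 99:
        raise ValueError(f"standard ACL number must be 1-99, got {acl_id}")
    action = tokens[2]
    if action not in ("deny", "permit"):
        raise ValueError(f"action must be deny or permit, got {action!r}")
    rest = tokens[3:]
    if rest[0] == "every":
        src, rest = None, rest[1:]          # "every" matches all packets
    else:
        if len(rest) < 2:
            raise ValueError("source requires an address and a wildcard mask (assumed form)")
        ipaddress.IPv4Address(rest[0])      # both values must be dotted quads
        ipaddress.IPv4Address(rest[1])
        src, rest = (rest[0], rest[1]), rest[2:]
    # Optional trailing keywords from the Format line: log, assign-queue, mirror, redirect.
    opts = {"log": False, "assign_queue": None, "mirror": None, "redirect": None}
    i = 0
    while i < len(rest):
        kw = rest[i]
        if kw == "log":
            opts["log"] = True
            i += 1
        elif kw in ("assign-queue", "mirror", "redirect") and i + 1 < len(rest):
            opts[kw.replace("-", "_")] = rest[i + 1]
            i += 2
        else:
            raise ValueError(f"unexpected token {kw!r}")
    return {"acl": acl_id, "action": action, "src": src, **opts}


def load_acl(lines) -> list:
    """Parse a block of rules in order; all lines must belong to the same ACL number."""
    rules = [parse_standard_acl_rule(l) for l in lines if l.strip()]
    ids = {r["acl"] for r in rules}
    if len(ids) != 1:
        raise ValueError(f"lines belong to more than one ACL: {sorted(ids)}")
    return rules


def evaluate(rules, src_addr: str):
    """First matching rule decides; otherwise fall through to the implicit deny (assumed)."""
    for r in rules:
        if r["src"] is None or wildcard_match(src_addr, *r["src"]):
            return r["action"], r["log"]
    return "deny", False


# Constructed sample ACL (not from the manual): log and drop one /24, allow the rest of 10/8.
# Rule order matters: swapping the two lines would let the /24 through.
SAMPLE_ACL = load_acl([
    "access-list 10 deny 10.1.2.0 0.0.0.255 log",
    "access-list 10 permit 10.0.0.0 0.255.255.255",
])

if __name__ == "__main__":
    print("wildcard for 255.255.255.0 =", wildcard_from_subnet_mask("255.255.255.0"))
    for ip in ("10.1.2.77", "10.3.4.5", "192.168.1.1"):
        print(ip, "->", evaluate(SAMPLE_ACL, ip))
```

The evaluator keeps rules in the order they were entered, which is what makes the deny-then-permit ordering in the sample meaningful: a broader permit placed first would shadow the narrower deny. The wildcard check is the only place address bits are compared, so the same helper serves both the "must check" and "can be ignored" cases described in section 3.8.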