
206
MES3000 Ethernet switch series
destination | Destination address | Defines the MAC address of the packet destination.
destination_wildcard | A bit mask applied to the MAC address of the packet destination. | The mask defines the bits of the MAC address which should be ignored. "1" should be written to all ignored bits. The mask is used the same way as the source_wildcard mask.
vlan_id | Range of values: 0–4095. | VLAN subnetwork for packet filtering.
cos | Range of values: 0–7. | Class of service (CoS) for packet filtering.
cos_wildcard | A bit mask applied to the class of service (CoS) of the packets being filtered. | The mask defines the CoS bits which should be ignored. "1" should be written to all ignored bits. For example, in order to use CoS 6 and 7 in a filtration rule, the CoS field should have value 6 or 7 and the mask field should have value 1 (the binary form of 7 is 111, and 1 is 001; thus, the last bit will be ignored, i.e. CoS may be 110 (6) or 111 (7)).
eth-type | Range of values: 0–0xFFFF. | Ethernet type in hex form for the packets being filtered.
disable-port | - | Disables the port which was used to send a packet fulfilling the requirements of a deny command.
log-input | Message log | Enables message log registration when a packet is received which corresponds to the record.
time_name | Name of the time-range configuration profile | Defines configuration of time periods.
offset_list_name | Byte offset from the key point. | Specifies that the user templates list should be used for packet recognition. Every ACL may have its own templates list defined.
index | Rule index | The index indicates the position of the rule in a table. The lower the index, the higher the priority (1–2,147,483,647).
In order to select the whole range of parameters except dscp and ip-precedence, the any parameter is used.

As soon as at least one record has been added to an ACL, the last record is set by default to deny any any. That means that all packets which do not fulfil the ACL requirements will be dropped.
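
The following is an added example, not code from the manual or the vendor: a small Python model of the wildcard-mask matching, index priority and implicit "deny any any" described above. It covers only the destination MAC and CoS fields; the class and function names and the sample addresses are assumptions made for the illustration.

```python
# Added illustration (not vendor code): models the ACL semantics described above.
from dataclasses import dataclass
from typing import Optional

def mac_to_int(mac: str) -> int:
    return int(mac.replace(":", ""), 16)

def wildcard_match(value: int, pattern: int, wildcard: int) -> bool:
    # A "1" bit in the wildcard means "ignore this bit"; all other bits must be equal.
    return ((value ^ pattern) & ~wildcard) == 0

@dataclass
class Rule:
    index: int                       # lower index = higher priority
    action: str                      # "permit" or "deny"
    dst: Optional[str] = None        # None models the "any" keyword
    dst_wildcard: str = "00:00:00:00:00:00"
    cos: Optional[int] = None        # None: CoS is not checked
    cos_wildcard: int = 0

    def matches(self, dst_mac: str, cos: int) -> bool:
        if self.dst is not None and not wildcard_match(
                mac_to_int(dst_mac), mac_to_int(self.dst), mac_to_int(self.dst_wildcard)):
            return False
        if self.cos is not None and not wildcard_match(cos, self.cos, self.cos_wildcard):
            return False
        return True

def evaluate(rules, dst_mac: str, cos: int):
    """Return (action, index) of the first matching rule in index order.
    Assumes a non-empty ACL, so the implicit final "deny any any" applies."""
    for rule in sorted(rules, key=lambda r: r.index):
        if rule.matches(dst_mac, cos):
            return rule.action, rule.index
    return "deny", None              # implicit "deny any any"

# Constructed sample ACL (addresses are made up for the example).
ACL = [
    Rule(10, "permit", dst="00:11:22:33:44:00", dst_wildcard="00:00:00:00:00:ff",
         cos=6, cos_wildcard=1),     # CoS 6 or 7, any value in the last MAC byte
    Rule(5, "deny", dst="00:11:22:33:44:55"),   # exact host, evaluated first
]

if __name__ == "__main__":
    for mac, cos in [("00:11:22:33:44:55", 6), ("00:11:22:33:44:7a", 7),
                     ("00:11:22:33:44:7a", 5), ("00:11:22:33:45:7a", 6)]:
        print(mac, cos, evaluate(ACL, mac, cos))
```

A result with index None means no configured record matched and the packet fell through to the implicit deny, which is the case to check for when a newly added permit record appears to have no effect.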
Table 5.251 Configuration commands for MAC-based ACLs
Command: permit {any|{source source-wildcard}} {any|destination destination_wildcard} [vlan vlan_id] [cos cos cos_wildcard] [eth-type] [time-range time_name] [index index] [offset-list offset_list_name]
Action: Adds a permit filtration record. Packets which fulfil the record's requirements will be processed by the switch.

Command: deny {any|{source source-wildcard}} {any|{destination destination_wildcard}} [vlan vlan_id] [cos cos cos_wildcard] [eth-type] [time-range time_name] [disable-port|log-input] [index index] [offset-list offset_list_name]
Action: Adds a deny filtration record. Packets which fulfil the record's requirements will be blocked by the switch. If the disable-port keyword is specified, the physical interface receiving the packet will be disabled. If the log-input keyword is specified, a message will be sent to the system log.

Command: offset-list offset_list_name {offset_base offset mask value} …
Action: Creates a user templates list with the name specified in the name field. The name should contain from 1 to 32 characters. One command may contain up to 13 templates (depending on the selected system mode) having the following parameters:
offset_base—basic offset. Possible values:
L2—offset from the beginning of Ethernet frame
outer-tag—beginning of STAG offset
inner-tag—beginning of CTAG offset
src-mac—beginning of source MAC offset
dst-mac—beginning of destination MAC offset