Foundry NetIron M2404C and M2404F Metro Access Switches
Configuring ACLs (Rev. 03)
Overview
© 2008 Foundry Networks, Inc
provider-vlan <vlan-id>
    (Optional). Specifies the provider VLAN identifier in the range <1-4093>. The provider-vlan option is applied to the tls uplink interface in order to match the external VLAN.

provider-vpt <priority>
    (Optional). Specifies the VLAN Priority Tag (VPT) in the provider VLAN tag header in the range <0-7>. The provider-vpt option is applied to the tls uplink interface in order to match the external VLAN priority tag.

vlan <vlan-id>
    (Optional). Specifies a VLAN ID number, in the range <1-4093>.

<wildcard mask>
    (Optional). Specifies the VLAN mask in hexadecimal format.

untagged
    (Optional). Enables matching only on the untagged frames. When the untagged option is not specified, all tagged and untagged frames will be matched.

vpt
    (Optional). The VLAN Priority Tag (VPT) in the VLAN tag header. Priority values range from 0 to 7.

precedence <precedence>
    (Optional). Packets can be filtered by precedence level, as specified by a number from 0 to 7, or by any of the valid literal Precedence values listed below (see Table 6 for valid literal values).

tos <tos>
    (Optional). Packets can be filtered by type of service level, as specified by a number from 0 to 15, or by any of the valid literal Tos values listed below (see Table 7 for valid literal values).
The provider and/or user VLAN identifiers can be defined for all TLS packets received on the uplink interface.

The user VLAN identifiers can be specified for all TLS packets received on the user interface.
Example
In the following example (Figure 6), the IP address 192.98.2.1 (PC 1) will be permitted, the subnet 192.98.0.0/16 (PC 2) except for this address will be denied, but the entire subnet 192.0.0.0/8 (PC 3) will be permitted. All the other traffic will be denied.
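
The outcome described above depends on the order of the rules. The following Python model is an added illustration, not switch CLI syntax and not part of the Foundry manual. It assumes first-match evaluation with a final deny, as the description implies, and uses constructed sample addresses for PC 2, PC 3 and an outside host. It also flags rules that can never match because an earlier, broader rule covers them.

```python
import ipaddress

# The three rules in the order the text describes them.
# Constructed model of the example; this is not device configuration syntax.
RULES = [
    ("permit", ipaddress.ip_network("192.98.2.1/32")),  # PC 1, single host
    ("deny",   ipaddress.ip_network("192.98.0.0/16")),  # rest of PC 2's subnet
    ("permit", ipaddress.ip_network("192.0.0.0/8")),    # PC 3's subnet
]

def evaluate(rules, src):
    """Return the action of the first rule that matches src (assumed first-match)."""
    addr = ipaddress.ip_address(src)
    for action, net in rules:
        if addr in net:
            return action
    return "deny"  # "All the other traffic will be denied"

def shadowed(rules):
    """Indexes of rules fully covered by an earlier rule, so they never match."""
    hits = []
    for i, (_, net) in enumerate(rules):
        if any(net.subnet_of(prev) for _, prev in rules[:i]):
            hits.append(i)
    return hits

if __name__ == "__main__":
    # Constructed sample sources: PC 1, a host in PC 2's subnet,
    # a host in PC 3's subnet, and an unrelated host.
    for src in ("192.98.2.1", "192.98.7.7", "192.4.4.4", "10.0.0.1"):
        print(f"{src:12} {evaluate(RULES, src)}")

    # Placing the broad deny above the host permit silently blocks PC 1.
    misordered = [RULES[1], RULES[0], RULES[2]]
    print("misordered PC 1:", evaluate(misordered, "192.98.2.1"))
    print("shadowed rule indexes:", shadowed(misordered))
```

Running a shadow check like this over a rule list before applying it catches a specific permit that was entered after a broader deny.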