D-Link DWS-1008 CLI Manual
dscp codepoint
    Filters packets by Differentiated Services Code Point (DSCP) value.
    You can specify a number from 0 to 63, in decimal or binary format.
    Note: You cannot use the dscp option along with the precedence and
    tos options in the same ACE. The CLI rejects an ACE that has this
    combination of options.

established
    For TCP packets only, applies the ACE only to established TCP sessions
    and not to new TCP sessions.

before editbuffer-index
    Inserts the new ACE in front of another ACE in the security ACL. Specify
    the number of the existing ACE in the edit buffer. Index numbers start
    at 1. (To display the edit buffer, use show security acl editbuffer.)

modify editbuffer-index
    Replaces an ACE in the security ACL with the new ACE. Specify the
    number of the existing ACE in the edit buffer. Index numbers start at 1.
    (To display the edit buffer, use show security acl editbuffer.)

hits
    Tracks the number of packets that are filtered based on a security ACL,
    for all mappings.

Defaults: By default, permitted packets are classified based on DSCP value, which is converted
into an internal CoS value in the switch’s CoS map. The packet is then marked with a DSCP value
based on the internal CoS value. If the ACE contains the cos option, this option overrides the
switch’s CoS map and marks the packet based on the ACE.

Access: Enabled.

Usage: The switch does not apply security ACLs until you activate them with the commit security
acl command and map them to a VLAN, port, or virtual port, or to a user. If the switch is reset or
restarted, any ACLs in the edit buffer are lost.

You cannot perform ACL functions that include permitting, denying, or marking with a Class of
Service (CoS) level on packets with a multicast or broadcast destination address.

The order of security ACEs in a security ACL is important. Once an ACL is active, its ACEs are
checked according to their order in the ACL. If an ACE criterion is met, its action takes place and
any ACEs that follow are ignored. ACEs are listed in the order in which you create them, unless
you move them. To position security ACEs within a security ACL, use before editbuffer-index and
modify editbuffer-index.

Examples: The following command adds an ACE to security ACL acl_123 that permits packets from
IP address 192.168.1.11/24 and counts the hits:

DWS-1008# set security acl ip acl_123 permit 192.168.1.11 0.0.0.255 hits

The following command adds an ACE to acl_123 that denies packets from IP address
192.168.2.11:

DWS-1008# set security acl ip acl_123 deny 192.168.2.11 0.0.0.0
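
The first-match ordering described under Usage, applied to the two example ACEs above plus a constructed third one, as an added Python example that is not part of the D-Link manual. It goes one step beyond the text by also reporting ACEs that an earlier ACE makes unreachable; it models only source address and wildcard mask matching, and the function names and the third ACE are assumptions made here for illustration.

```python
import ipaddress

# Constructed ACL: ACEs 1 and 2 are the manual's examples, ACE 3 is added for illustration.
ACL = [
    "set security acl ip acl_123 permit 192.168.1.11 0.0.0.255 hits",
    "set security acl ip acl_123 deny 192.168.2.11 0.0.0.0",
    "set security acl ip acl_123 deny 192.168.1.50 0.0.0.0 hits",
]

def ip_int(text):
    return int(ipaddress.IPv4Address(text))

def parse_ace(line):
    """Parse 'set security acl ip <name> <permit|deny> <source> <wildcard> [hits]'."""
    t = line.split()
    if len(t) < 8 or t[:4] != ["set", "security", "acl", "ip"] or t[5] not in ("permit", "deny"):
        raise ValueError("unsupported ACE: " + line)
    return {"action": t[5], "src": ip_int(t[6]), "wild": ip_int(t[7]),
            "count": "hits" in t[8:], "hits": 0}

def matches(ace, ip):
    # Wildcard mask: 1 bits are ignored, 0 bits must equal the ACE's source address.
    care = ~ace["wild"] & 0xFFFFFFFF
    return (ip_int(ip) & care) == (ace["src"] & care)

def evaluate(aces, ip):
    """Return (1-based index, action) of the first matching ACE; later ACEs are ignored."""
    for index, ace in enumerate(aces, start=1):
        if matches(ace, ip):
            ace["hits"] += ace["count"]  # counts only when the ACE has the hits option
            return index, ace["action"]
    return None, None  # no ACE matched; the switch's behaviour in that case is not modelled

def covers(early, late):
    """True if every source address 'late' matches is already matched by 'early'."""
    care = ~early["wild"] & 0xFFFFFFFF
    return (late["wild"] & care) == 0 and (late["src"] & care) == (early["src"] & care)

def shadowed(aces):
    """List (later, earlier) index pairs where the later ACE can never take effect."""
    return [(j + 1, i + 1) for j, late in enumerate(aces)
            for i, early in enumerate(aces[:j]) if covers(early, late)]

if __name__ == "__main__":
    aces = [parse_ace(line) for line in ACL]
    print(evaluate(aces, "192.168.1.50"), shadowed(aces))  # ACE 3 is hidden by ACE 1
    aces.insert(0, aces.pop(2))  # same ordering as placing ACE 3 before index 1
    print(evaluate(aces, "192.168.1.50"), shadowed(aces))  # the deny now takes effect
```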