Foundry Configuration Guide for the FESX, FSX, and FWSX
12 - 18
© Foundry Networks, Inc.
December 2005
The dscp-marking option enables you to configure an ACL that marks matching packets with a specified DSCP value. Enter a value from 0 – 63. See “Using an IP ACL to Mark DSCP Values (DSCP Marking)” on page 12-23.
The dscp-matching option matches on the packet’s DSCP value. Enter a value from 0 – 63. This option does not change the packet’s forwarding priority through the device or mark the packet. See “DSCP Matching” on page 12-24.
The log parameter enables SNMP traps and Syslog messages for packets denied by the ACL.
You can enable logging on ACLs and filters that support logging even when the ACLs and filters are already in use. To do so, re-enter the ACL or filter command and add the log parameter to the end of the ACL or filter. The software replaces the ACL or filter command with the new one. The new ACL or filter, with logging enabled, takes effect immediately.
The traffic-policy option enables the device to rate limit inbound traffic and to count the packets and bytes per packet to which ACL permit or deny clauses are applied. For configuration procedures and examples, see the chapter “Traffic Policies” on page 15-1.
Configuration Example for Extended Named ACLs
To configure an extended named ACL, enter commands such as the following.
FastIron SuperX Router(config)# ip access-list extended "block Telnet"
FastIron SuperX Router(config-ext-nacl)# deny tcp host 209.157.22.26 any eq telnet log
FastIron SuperX Router(config-ext-nacl)# permit ip any any
FastIron SuperX Router(config-ext-nacl)# exit
FastIron SuperX Router(config)# int eth 1/1
FastIron SuperX Router(config-if-1/1)# ip access-group "block Telnet" in
The options at the ACL configuration level and the syntax for the ip access-group command are the same for numbered and named ACLs and are described in “Configuring Extended Numbered ACLs” on page 12-8 and “Configuring Extended Named ACLs” on page 12-13.
Adding a Comment to an ACL Entry
You can optionally add comment text to describe entries in an ACL. The comment text appears in the output of show commands that display ACL information.
For example, the following commands add comments to entries in a numbered ACL, ACL 100:
FESX424 Router(config)# access-list 100 remark The following line permits TCP packets
FESX424 Router(config)# access-list 100 permit tcp 192.168.4.40/24 2.2.2.2/24
FESX424 Router(config)# access-list 100 remark The following permits UDP packets
FESX424 Router(config)# access-list 100 permit udp 192.168.2.52/24 2.2.2.2/24
FESX424 Router(config)# access-list 100 deny ip any any
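An added example, not part of the Foundry guide: a Python audit of ACL text in the syntax shown above. It flags deny entries that lack the log parameter (and so generate no SNMP traps or Syslog messages), checks dscp-marking and dscp-matching values against the 0 to 63 range, and attaches each remark to the entry that follows it. The function name audit_acls, the last line of the sample, and the position of the DSCP option on that line are assumptions.

```python
import re

# Constructed input: the two examples from this page plus one constructed
# entry (last line; option position assumed) with an out-of-range DSCP value.
SAMPLE = """\
ip access-list extended "block Telnet"
 deny tcp host 209.157.22.26 any eq telnet log
 permit ip any any
access-list 100 remark The following line permits TCP packets
access-list 100 permit tcp 192.168.4.40/24 2.2.2.2/24
access-list 100 remark The following permits UDP packets
access-list 100 permit udp 192.168.2.52/24 2.2.2.2/24
access-list 100 deny ip any any
access-list 100 permit ip any any dscp-matching 64
"""

NAMED = re.compile(r'^\s*ip access-list extended\s+"?([^"]+?)"?\s*$')

def audit_acls(text):
    """Parse ACL lines; return (entries, findings)."""
    entries, findings, acl, remark = [], [], None, None
    for raw in text.splitlines():
        named = NAMED.match(raw)
        if named:                       # start of a named extended ACL
            acl, remark = named.group(1), None
            continue
        tok = raw.split()
        if len(tok) > 2 and tok[0] == "access-list":
            acl, tok = tok[1], tok[2:]  # numbered form: ACL id is on each line
        if not tok or acl is None:
            continue
        if tok[0] == "remark":          # comment applies to the next entry
            remark = " ".join(tok[1:])
            continue
        if tok[0] not in ("permit", "deny"):
            continue
        rule = " ".join(tok)
        entries.append({"acl": acl, "rule": rule, "remark": remark})
        remark = None
        if tok[0] == "deny" and "log" not in tok:
            findings.append((acl, rule, "deny without log: no trap or Syslog"))
        for opt in ("dscp-marking", "dscp-matching"):
            if opt in tok:
                val = tok[tok.index(opt) + 1:][:1]
                if not (val and val[0].isdigit() and int(val[0]) <= 63):
                    findings.append((acl, rule, opt + " value must be 0-63"))
    return entries, findings

if __name__ == "__main__":
    for acl, rule, why in audit_acls(SAMPLE)[1]:
        print(f"ACL {acl}: {rule} -> {why}")
```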