IES-1248-51/51A/53 User's Guide
Chapter 57 ACL Commands
• vlan <vid> smac <mac>
• vlan <vid> dmac <mac>
• smac <mac> dmac <mac>
• vlan <vid> priority <priority>
• etype <etype>
• vlan <vid>
• smac <mac>
• dmac <mac>
• priority <priority>
• protocol <protocol>
• srcip <ip>/<mask> [dstip <ip>/<mask> [tos <tos> [srcport <sport> <eport> [dstport <sport> <eport>]]]]
where
• etype <etype> = Ethernet type (0~65535).
• vlan <vid> = VLAN ID (1~4094).
• smac <mac> = Source MAC address.
• dmac <mac> = Destination MAC address.
• priority <priority> = Priority (0 ~ 7)
• protocol <protocol> = Protocol type: tcp, udp, ospf, igmp, ip, gre, icmp or user specified IP protocol number <0 ~ 255>.
• srcip <ip>/<mask> = Source IP address and subnet mask (0~32).
• dstip <ip>/<mask> = Destination IP address and subnet mask (0~32).
• tos <stos> <etos> = Sets the ToS (Type of Service) range between 0 and 255.
• srcport <sport> <eport> = Source port range (0~65535).
• dstport <sport> <eport> = Destination port range (0~65535).
The following guidelines apply to classifiers.
• You can apply one classifier for a protocol on a port's PVC.
• You cannot create a classifier that contains matching criteria for layer 2 and layer 3 fields. For example
switch acl profile set test protocol tcp vlan 15 deny
is not allowed as protocol type and VLAN do not belong to the same network layer.
• Each type of criteria can only be used once in a classifier. For example,
profile acl set test protocol tcp protocol udp deny
is not allowed. For this example, you need to create a separate classifier for each protocol and apply them to the same PVC(s).
The following example creates an ACL rule example named test for traffic from VLAN 10 with a priority level of 2. This rule limits the rate on the classified traffic to 1000 kbps and changes the priority level to 7.
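Separately from the guide's own example, the classifier guidelines above (no mixing of layer 2 and layer 3 criteria, each criterion used once, values inside the listed ranges) can be checked offline before a rule set is pushed to the device. This is an added example, not part of the guide or the device firmware; the function names and the two-value form of tos (taken from the parameter list) are assumptions, and MAC address format is not checked because the page does not define it.

```python
import ipaddress

# Criteria keywords from the parameter list, grouped by network layer.
L2_KEYS = {"etype", "vlan", "smac", "dmac", "priority"}
L3_KEYS = {"protocol", "srcip", "dstip", "tos", "srcport", "dstport"}
RANGES = {"etype": (0, 65535), "vlan": (1, 4094), "priority": (0, 7),
          "tos": (0, 255), "srcport": (0, 65535), "dstport": (0, 65535)}
TWO_VALUES = {"tos", "srcport", "dstport"}  # assumption: start/end pairs
PROTOCOLS = {"tcp", "udp", "ospf", "igmp", "ip", "gre", "icmp"}

def _valid(key, args):
    """Check one criterion's values against the ranges listed in the guide."""
    try:
        if key in RANGES:
            lo, hi = RANGES[key]
            return all(lo <= int(a) <= hi for a in args)
        if key == "protocol":
            return args[0] in PROTOCOLS or 0 <= int(args[0]) <= 255
        if key in ("srcip", "dstip"):
            addr, _, mask = args[0].partition("/")
            ipaddress.IPv4Address(addr)  # raises ValueError on a bad address
            return 0 <= int(mask) <= 32
        return True  # smac/dmac: MAC format is not defined on this page
    except ValueError:
        return False

def lint_criteria(criteria):
    """Return the guideline violations in a classifier criteria string."""
    problems, seen = [], []
    tokens, i = criteria.split(), 0
    while i < len(tokens):
        key = tokens[i]
        if key not in L2_KEYS | L3_KEYS:
            problems.append(f"unknown criterion '{key}'")
            i += 1
            continue
        n = 2 if key in TWO_VALUES else 1
        args = tokens[i + 1:i + 1 + n]
        i += 1 + n
        if key in seen:
            problems.append(f"'{key}' used more than once")
        seen.append(key)
        if len(args) < n:
            problems.append(f"'{key}' is missing a value")
        elif not _valid(key, args):
            problems.append(f"'{key}' value out of range: {' '.join(args)}")
    if L2_KEYS & set(seen) and L3_KEYS & set(seen):
        problems.append("mixes layer 2 and layer 3 criteria")
    return problems
```

Pass only the matching criteria, without the profile name or the trailing action: `lint_criteria("protocol tcp vlan 15")` reports the layer mix that the guide's first disallowed command contains.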