Security Network Acl Add - Interlogix IFS NS3601-24P User Manual

24-port gigabit ethernet switches

Example:
Set the rate limit value to 1024k for port 1
SWITCH/>security network acl rate 1 1024k

Security Network ACL Add

Description:
Add or modify Access Control Entry (ACE).
If the ACE ID parameter <ace_id> is specified and an entry with this ACE ID already exists, the ACE will be modified.
Otherwise, a new ACE will be added. If the ACE ID is not specified, the next available ACE ID will be used.
If the next ACE ID parameter <ace_id_next> is specified, the ACE will be placed before this ACE in the list. If the next
ACE ID is not specified, the ACE will be placed last in the list.
If the Switch keyword is used, the rule applies to all ports. If the Port keyword is used, the rule applies to the specified port
only. If the Policy keyword is used, the rule applies to all ports configured with the specified policy. The default is that the
rule applies to all ports.
Syntax:
Security Network ACL Add [<ace_id>] [<ace_id_next>] [switch | (port <port>) | (policy <policy>)] [<vid>] [<tag_prio>]
[<dmac_type>] [(etype [<etype>] [<smac>] [<dmac>]) | (arp [<sip>] [<dip>] [<smac>] [<arp_opcode>] [<arp_flags>]) |
(ip [<sip>] [<dip>] [<protocol>] [<ip_flags>]) | (icmp [<sip>] [<dip>] [<icmp_type>] [<icmp_code>] [<ip_flags>]) | (udp
[<sip>] [<dip>] [<sport>] [<dport>] [<ip_flags>]) | (tcp [<sip>] [<dip>] [<sport>] [<dport>] [<ip_flags>] [<tcp_flags>])]
[permit|deny] [<rate_limiter>] [<port_copy>] [<logging>] [<shutdown>]
Parameters:
<ace_id>       : ACE ID (1-128), default: Next available ID
<ace_id_next>  : Next ACE ID (1-128), default: Add ACE last
switch         : Switch ACE keyword
port           : Port ACE keyword
<port>         : Port number
policy         : Policy ACE keyword
<policy>       : Policy number (1-8)
<vid>          : VLAN ID (1-4095) or 'any'
<tag_prio>     : VLAN tag priority (0-7) or 'any'
<dmac_type>    : DMAC type: any|unicast|multicast|broadcast
etype          : Ethernet Type keyword
<etype>        : Ethernet Type or 'any'
<smac>         : Source MAC address (xx-xx-xx-xx-xx-xx) or 'any'
<dmac>         : Destination MAC address (xx-xx-xx-xx-xx-xx) or 'any'
arp            : ARP keyword
<sip>          : Source IP address (a.b.c.d/n) or 'any'
<dip>          : Destination IP address (a.b.c.d/n) or 'any'
<arp_opcode>   : ARP operation code: any|arp|rarp|other
<arp_flags>    : ARP flags: request|smac|tmac|len|ip|ether [0|1|any]
ip             : IP keyword
<protocol>     : IP protocol number (0-255) or 'any'
<ip_flags>     : IP flags: ttl|options|fragment [0|1|any]
icmp           : ICMP keyword
<icmp_type>    : ICMP type number (0-255) or 'any'
<icmp_code>    : ICMP code number (0-255) or 'any'
udp            : UDP keyword
<sport>        : Source UDP/TCP port range (0-65535) or 'any'
<dport>        : Destination UDP/TCP port range (0-65535) or 'any'
tcp            : TCP keyword
<tcp_flags>    : TCP flags: fin|syn|rst|psh|ack|urg [0|1|any]
permit         : Permit forwarding (default)
deny           : Deny forwarding
<rate_limiter> : Rate limiter number (1-15) or 'disable'
<port_copy>    : Port number for copy of frames or 'disable'
<logging>      : System logging of frames: log|log_disable
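
The ACE ID and placement rules from the Description, modelled as an added Python example (not code from the manual or the switch firmware), so a planned sequence of Add commands can be checked for the resulting list order before it is typed in. Assumptions: "next available" means the lowest unused ID, an unknown <ace_id_next> is rejected, and a modified ACE without <ace_id_next> moves to the end (a literal reading of the Description); the rule labels are constructed.

```python
ACE_ID_MIN, ACE_ID_MAX = 1, 128   # <ace_id> range from the parameter list


class AceList:
    """Ordered ACE list following the 'Security Network ACL Add' description."""

    def __init__(self):
        self.order = []   # ACE IDs in list order
        self.rules = {}   # ACE ID -> rule label (opaque in this model)

    def _check(self, ace_id):
        if not ACE_ID_MIN <= ace_id <= ACE_ID_MAX:
            raise ValueError(f"ACE ID {ace_id} outside 1-128")

    def add(self, rule, ace_id=None, ace_id_next=None):
        if ace_id is None:
            # Assumption: "next available" means the lowest unused ID.
            free = [i for i in range(ACE_ID_MIN, ACE_ID_MAX + 1)
                    if i not in self.rules]
            if not free:
                raise ValueError("ACE list is full")
            ace_id = free[0]
        self._check(ace_id)
        if ace_id_next is not None:
            self._check(ace_id_next)
            # Assumption: a missing or self-referencing next ID is rejected.
            if ace_id_next not in self.rules or ace_id_next == ace_id:
                raise ValueError(f"invalid next ACE ID {ace_id_next}")
        if ace_id in self.rules:
            self.order.remove(ace_id)     # existing ID: the ACE is modified
        self.rules[ace_id] = rule
        if ace_id_next is None:
            self.order.append(ace_id)     # no <ace_id_next>: placed last
        else:
            self.order.insert(self.order.index(ace_id_next), ace_id)
        return ace_id


def demo():
    """Constructed sequence of four Add operations; returns order and ACE 1."""
    acl = AceList()
    acl.add("deny rule A")                               # no ID given: ID 1
    acl.add("permit rule B")                             # ID 2, placed last
    acl.add("deny rule C", ace_id=10, ace_id_next=2)     # placed before ACE 2
    acl.add("permit rule A2", ace_id=1)                  # ID 1 exists: modified
    return acl.order, acl.rules[1]
```

Whether a modified ACE keeps its position when <ace_id_next> is omitted should be confirmed on the device by listing the ACL after the change.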
User's Manual of NS3601-24P/4S Series

This manual is also suitable for: IFS NS3601-4S, GE-DSSG-244, GE-DSSG-244-POE, NS3601-24P/4S