Table of Contents
Advertisement
Item
Description
Match Criteria (MAC ACLs)
Every
When this option is selected, all packets will match the rule and will be
either permitted or denied. This option is exclusive to all other match
criteria, so if Every is selected, no other match criteria can be config-
ured. To configure specific match criteria, this option must be clear.
CoS
The 802.1p user priority value to match within the Ethernet frame.
Ethertype
The EtherType value to match in an Ethernet frame. Specify the num-
ber associated with the EtherType or specify one of the following key-
words: AppleTalk, ARP, IBM SNA, IPv4, IPv6, IPX, MPLS, Unicast,
NETBIOS, NOVELL, PPPoE, or RARP.
Source MAC
The MAC address to match to an Ethernet frame's source port MAC
Address / Mask
address. If desired, enter the MAC Mask associated with the source
MAC to match. The MAC address mask specifies which bits in the
source MAC to compare against an Ethernet frame. Use F's and zeros
in the MAC mask, which is in a wildcard format. An F means that the
bit is not checked, and a zero in a bit position means that the data must
equal the value given for that bit. For example, if the MAC address is
aa:bb:cc:dd:ee:ff, and the mask is 00:00:ff:ff:ff:ff, all MAC addresses
with aa:bb:xx:xx:xx:xx result in a match (where x is any hexadecimal
number).
Destination MAC
The MAC address to match to an Ethernet frame's destination port
Address / Mask
MAC address. If desired, enter the MAC Mask associated with the des-
tination MAC to match. The MAC address mask specifies which bits in
the destination MAC to compare against an Ethernet frame. Use F's
and zeros in the MAC mask, which is in a wildcard format. An F means
that the bit is not checked, and a zero in a bit position means that the
data must equal the value given for that bit. For example, if the MAC
address is aa:bb:cc:dd:ee:ff, and the mask is 00:00:ff:ff:ff:ff, all MAC
addresses with aa:bb:xx:xx:xx:xx result in a match (where x is any
hexadecimal number).
VLAN
The VLAN ID to match within the Ethernet frame.
Rule Attributes
Assign Queue
The number that identifies the hardware egress queue that will handle
all packets matching this rule.
Interface
The interface to use for the action:
Log
When this option is selected, logging is enabled for this ACL rule (sub-
ject to resource availability in the device). If the Access List Trap Flag
is also enabled, this will cause periodic traps to be generated indicat-
ing the number of times this rule went into effect during the current
report interval. A fixed 5 minute report interval is used for the entire
system. A trap is not issued if the ACL rule hit count is zero for the cur-
rent interval.
Redirect: Allows traffic that matches a rule to be redirected to the
selected interface instead of being processed on the original port.
The redirect function and mirror function are mutually exclusive.
Mirror: Provides the ability to mirror traffic that matches a rule to
the selected interface. Mirroring is similar to the redirect function,
except that in flow-based mirroring a copy of the permitted traffic
is delivered to the mirror interface while the packet itself is for-
warded normally through the device.
285
EKI-9500 Series User Manual
Advertisement
Table of Contents
