Adding Access Mask, Access List, And Rate Limit Entries - Extreme Networks Summit 200-24 Installation And User Manual

Summit 200 series switch

Hide thumbs Also See for Summit 200-24:

Hardware installation manual (112 pages)

Hardware manual (352 pages)

Installation and user manual (338 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

245

246

247

248

249

250

251

252

253

254

255

256

257

258

Table of Contents

Using Access Control Lists

NOTE

For an example of using the permit-established keyword, refer to "Using the Permit-Established

Keyword" on page 110.

The permit-established keyword denies the access control list. Having a permit-established access

control list blocks all traffic that matches the TCP source/destination, and has the SYN=1 and ACK=0

flags set.

Adding Access Mask, Access List, and Rate Limit Entries

Entries can be added to the access masks, access lists, and rate limits. To add an entry, you must supply

a unique name using the

command, and supply a number of optional parameters (see Table 30

create

for the full command syntax). For access lists and rate limits, you must specify an access mask to use.

To modify an existing entry, you must delete the entry and retype it, or create a new entry with a new

unique name.

To add an access mask entry, use the following command:

create access-mask <name> ...

To add an access list entry, use the following command:

create access-list <name> ...

To add a rate limit entry, use the following command:

create rate-limit <name> ...

Maximum Entries

If you try to create an access mask when no more are available, the system will issue a warning

message. Three access masks are constantly used by the system, leaving a maximum of 13

user-definable access masks. However, enabling some features causes the system to use additional

access masks, reducing the number available.

For each of the following features that you enable, the system will use one access mask. When the

feature is disabled, the mask will again be available. The features are:

• RIP

• IGMP or OSPF (both would share a single mask)

• DiffServ examination

• QoS monitor

The maximum number of access list allowed by the hardware is 254 for each block of eight

10/100 Mbps Ethernet ports and 126 for each Gbps Ethernet port, for a total of 1014 rules (254*3+126*2).

Most user entered access list commands will require multiple rules on the hardware. For example, a

global rule (an access control list using an access mask without "ports" defined), will require 5 rules,

one for each of the 5 blocks of ports on the hardware.

The maximum number of rate-limiting rules allowed is 315 (63*5). This number is part of the total

access control list rules (1014).

Summit 200 Series Switch Installation and User Guide

105

Table of Contents

Show Quick Links

Hide quick links:

Table of Contents

This manual is also suitable for:

Summit 200-48

Adding Access Mask, Access List, And Rate Limit Entries - Extreme Networks Summit 200-24 Installation And User Manual

Adding Access Mask, Access List, and Rate Limit Entries

Hide quick links:

Related Manuals for Extreme Networks Summit 200-24

Related Content for Extreme Networks Summit 200-24

This manual is also suitable for:

Table of Contents