Brocade Communications Systems ServerIron ADX 12.4.00a Security Manual page 75

NOTE
The out option is not supported in the rule-based ACL mode.
The precedence <name> | <num> parameter of the ip access-list command specifies the IP
precedence. The precedence option for of an IP packet is set in a three-bit field following the
four-bit header-length field of the packet's header. You can specify one of the following:
•
•
•
•
•
•
•
•
The tos <name> | <num> parameter of the ip access-list command specifies the IP ToS. You can
specify one of the following:
•
•
•
•
•
•
The ip-pkt-len <value> parameter filters ICMP packets based on the IP packet length. The device
uses the <value> to match the total length field in the IP header of ICMP packets. You can specify a
value from 1 – 65535.
ServerIron ADX Security Guide
53-1002440-03
critical or 5 – The ACL matches packets that have the critical precedence. If you specify the
option number instead of the name, specify number 5.
flash or 3 – The ACL matches packets that have the flash precedence. If you specify the option
number instead of the name, specify number 3.
flash-override or 4 – The ACL matches packets that have the flash override precedence. If you
specify the option number instead of the name, specify number 4.
immediate or 2 – The ACL matches packets that have the immediate precedence. If you
specify the option number instead of the name, specify number 2.
internet or 6 – The ACL matches packets that have the internetwork control precedence. If you
specify the option number instead of the name, specify number 6.
network or 7 – The ACL matches packets that have the network control precedence. If you
specify the option number instead of the name, specify number 7.
priority or 1 – The ACL matches packets that have the priority precedence. If you specify the
option number instead of the name, specify number 1.
routine or 0 – The ACL matches packets that have the routine precedence. If you specify the
option number instead of the name, specify number 0.
max-reliability or 2 – The ACL matches packets that have the maximum reliability ToS. The
decimal value for this option is 2.
max-throughput or 4 – The ACL matches packets that have the maximum throughput ToS. The
decimal value for this option is 4.
min-delay or 8 – The ACL matches packets that have the minimum delay ToS. The decimal
value for this option is 8.
min-monetary-cost or 1 – The ACL matches packets that have the minimum monetary cost
ToS. The decimal value for this option is 1.
NOTE
This value is not supported on 10 Gigabit Ethernet modules.
normal or 0 – The ACL matches packets that have the normal ToS. The decimal value for this
option is 0.
<num> – A number from 0 – 15 that is the sum of the numeric values of the options you want.
The ToS field is a four-bit field following the Precedence field in the IP header. You can specify
one or more of the following. To select more than one option, enter the decimal value that is
equivalent to the sum of the numeric values of all the ToS options you want to select. For
example, to select the max-reliability and min-delay options, enter number 10. To select all
options, select 15.
Configuring numbered and named ACLs
2
61