Brocade Mobility RFS7000-GR Controller CLI Reference Guide (Supporting software release 4.1.0.0-040GR and later) User Manual


Brocade Mobility RFS7000-GR CLI Reference Guide

53-1001945-01

Extended ACL Config Commands

14

Usage Guidelines
This command marks traffic between networks/hosts based on the protocol type selected in the access list configuration.

Use the mark option to specify the type of service (tos) and priority value. The tos value is marked in the IP header and the 802.1p priority value is marked in the dot1q frame.

The following types of protocols are supported:

ip

mark {dot1p <0-7> | tos <0-255>} {icmp} {source/source-mask A.B.C.D/M | host sourcehost | any} {destination/destination-mask A.B.C.D/M | host destinationhost | any} [icmp-type | [icmp-type icmp-code]] [log] [rule-precedence access-list-entry precedence]

Use with the mark command to specify icmp packets as marked.

mark {dot1p <0-7> | tos <0-255>} – The keyword specifies mark action on an ACL. The action type mark is functional only over a Port ACL.

{icmp} – Specify icmp as protocol.

{source/source-mask A.B.C.D/M | host sourcehost | any} – source A.B.C.D is
the source IP address of the network or host in dotted decimal format.
Source-mask M is the network mask. For example, 10.1.1.10/24 indicates that
the first 24 bits of the source IP are used for matching.

any is an abbreviation for source IP of 0.0.0.0 and source-mask bits equal
to 0.

host is an abbreviation for exact source (A.B.C.D) and source-mask bits
equal to 32.

{destination/destination-mask A.B.C.D/M | host destinationhost | any} – The
destination host IP address or destination network address.

[icmp-type | icmp-type icmp-code] – ICMP type value from 0 to 255. Valid only
for protocol type icmp. ICMP code value from 0 to 255. Valid only for protocol
type icmp.

[log] – Generates log messages when the packet coming from the interface
matches the ACL entry. Log messages are generated only for router ACLs.

[rule-precedence access-list-entry precedence] – Integer value between
1-5000. This value sets the rule precedence in the ACL.

mark {dot1p <0-7> | tos <0-255>} {tcp|udp} {source/source-mask A.B.C.D/M | host sourcehost | any} [operator source-port] {destination/destination-mask | host destinationhost | any} [operator destination-port] [log] [rule-precedence access-list-entry precedence]

Use with the mark command to specify tcp or udp packets as marked.

mark {dot1p <0-7> | tos <0-255>} – The keyword specifies mark action on an ACL. The action type mark is functional only over a Port ACL.

{tcp|udp} – Specifies tcp or udp as the protocol used.

{source/source-mask A.B.C.D/M| host sourcehost | any} – source is the source
IP address of the network or host in dotted decimal. Source-mask is the
network mask. For example, 10.1.1.10/24 indicates that the first 24 bits of the
source IP are used for matching.

any is an abbreviation for source IP of 0.0.0.0 and source-mask bits equal
to 0.

host is an abbreviation for exact source (A.B.C.D) and source-mask bits
equal to 32.

[operator source-port] – Valid only for tcp or udp protocols. Valid values are eq
and range.

range – Specifies the protocol range (starting and ending protocol
numbers).

port – Valid port number.

{destination/destination-mask | host destinationhost | any} – The destination
host IP address or destination network address.

[operator destination-port] – Specifies the destination port.

[log] – Generates log messages when the packet coming from the interface
matches the ACL entry. Log messages are generated only for router ACLs.

[rule-precedence access-list-entry precedence] – Integer value between
1-5000. This value sets the rule precedence in the ACL.
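
The two syntax forms above can be checked offline before a rule is entered on the controller. The Python below is an added example, not part of the Brocade manual or the controller software: it validates the documented value ranges and expands any/host/A.B.C.D/M into the network actually matched. Assumptions: tokens are space-separated, `range` is followed by a start and an end port, `rule-precedence` is followed by its integer, and `parse_mark` and its helpers are hypothetical names.

```python
import ipaddress

def _take(tok):
    if not tok:
        raise ValueError("rule ends early")
    return tok.pop(0)

def _num(tok, lo, hi, what):
    n = int(_take(tok))
    if not lo <= n <= hi:
        raise ValueError(f"{what} {n} outside {lo}-{hi}")
    return n

def _addr(tok):
    word = _take(tok)
    if word == "any":                 # 0.0.0.0 with 0 mask bits
        return ipaddress.ip_network("0.0.0.0/0")
    if word == "host":                # exact address, 32 mask bits
        return ipaddress.ip_network(_take(tok) + "/32")
    return ipaddress.ip_network(word, strict=False)  # first M bits only

def _ports(tok):
    if tok[:1] not in (["eq"], ["range"]):
        return None                   # operator clause is optional
    op = tok.pop(0)
    lo = _num(tok, 0, 65535, "port")
    return (lo, _num(tok, lo, 65535, "port") if op == "range" else lo)

def parse_mark(line):
    tok, warn = line.split(), []
    kw, field = _take(tok), _take(tok)
    hi = {"dot1p": 7, "tos": 255}.get(field)   # ranges from the syntax above
    if kw != "mark" or hi is None:
        raise ValueError("expected: mark {dot1p|tos} <value>")
    rule = {"mark": (field, _num(tok, 0, hi, field)), "proto": _take(tok)}
    if rule["proto"] not in ("icmp", "tcp", "udp"):
        raise ValueError("protocol must be icmp, tcp or udp")
    l4 = rule["proto"] != "icmp"      # only tcp/udp take port clauses
    rule["src"], rule["sport"] = _addr(tok), (_ports(tok) if l4 else None)
    rule["dst"], rule["dport"] = _addr(tok), (_ports(tok) if l4 else None)
    rule["icmp"] = []                 # optional icmp-type, then icmp-code
    while not l4 and tok and tok[0].isdigit() and len(rule["icmp"]) < 2:
        rule["icmp"].append(_num(tok, 0, 255, "icmp type/code"))
    if tok[:1] == ["log"]:            # page: mark is Port-ACL only, log is router-ACL only
        warn.append(tok.pop(0) + ": not generated where mark is functional")
    if tok[:1] == ["rule-precedence"]:  # pop the keyword, then read its value
        rule["precedence"] = _num(tok, 1, 5000, tok.pop(0))
    if tok:
        raise ValueError(f"unexpected token {tok[0]!r}")
    return rule, warn
```

For a constructed rule such as `mark tos 184 tcp 10.1.1.10/24 any eq 443 log rule-precedence 10`, the source is reported as 10.1.1.0/24, and the `log` keyword produces a warning because the page limits mark to Port ACLs and log messages to router ACLs.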
