DSCP matching, ACL-based rate limiting, Using an ACL to change the forwarding queue – Brocade Communications Systems Brocade ICX 6650 User Manual

Brocade ICX 6650 Security Configuration Guide

53-1002601-01

Syntax: access-list num(100-199) permit udp any any 802.1p-priority-marking priority value (0-7) [internal-priority-marking value (0-7)]

In each of these examples, in the first command the internal-priority value is not specified, which
means it maintains a default value of 1 (equal to that of the 802.1p value).

Using an ACL to change the forwarding queue

The 802.1p-priority-marking 0 – 7 parameter re-marks the packets of the 802.1Q traffic that match
the ACL with this new 802.1p priority, or marks the packets of the non-802.1Q traffic that match
the ACL with this 802.1p priority, later at the outgoing 802.1Q interface.

The internal-priority-marking 0 – 7 parameter assigns traffic that matches the ACL to a specific
hardware forwarding queue (qosp0 – qosp7).

NOTE

The internal-priority-marking parameter overrides port-based priority settings.

In addition to changing the internal forwarding priority, if the outgoing interface is an 802.1Q
interface, this parameter maps the specified priority to its equivalent 802.1p (CoS) priority and
marks the packet with the new 802.1p priority. The complete CLI syntax for 802.1p priority marking
and internal priority marking is shown in “Extended numbered ACL configuration” on page 90 and
“Extended named ACL configuration” on page 96. The following shows the syntax specific to these
features.

Syntax: ... dscp-marking <0 – 63> 802.1p-priority-marking <0 – 7> internal-priority-marking <0 – 7>]

DSCP matching

The dscp-matching option matches on the packet DSCP value. This option does not change the
packet forwarding priority through the device or mark the packet.

To configure an ACL that matches on a packet with DSCP value 29, enter a command such as the
following.

Brocade(config)# access-list 112 permit ip 10.1.1.0 0.0.0.255 10.2.2.x 0.0.0.255 dscp-matching 29

The complete CLI syntax for this feature is shown in “Extended numbered ACL configuration” on
page 90 and “Extended named ACL configuration” on page 96. The following shows the syntax
specific to this feature.

Syntax: ...dscp-matching <0 – 63>

NOTE

For complete syntax information, refer to “Extended numbered ACL syntax” on page 91.
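Added example (not from the Brocade manual): a short Python audit that reads extended ACL entries, checks the dscp-matching, dscp-marking, 802.1p-priority-marking and internal-priority-marking values against the ranges given in the syntax lines above, separates match-only entries from entries that re-mark packets, and lists entries that place traffic in a high hardware queue. The function names, the sample configuration and the qosp6 reporting threshold are assumptions made for illustration.

```python
import re

# Upper bounds from the syntax lines on this page (all ranges start at 0).
RANGES = {"dscp-matching": 63, "dscp-marking": 63,
          "802.1p-priority-marking": 7, "internal-priority-marking": 7}
OPTION_RE = re.compile(r"(?<!\S)(%s)\s+(\S+)" % "|".join(map(re.escape, RANGES)))

# Constructed sample configuration for illustration, not taken from the manual.
SAMPLE = """\
access-list 112 permit ip 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255 dscp-matching 29
access-list 104 permit udp any any 802.1p-priority-marking 1
access-list 105 permit udp any any 802.1p-priority-marking 1 internal-priority-marking 7
access-list 106 permit udp any any dscp-marking 70 802.1p-priority-marking 3 internal-priority-marking 3
"""


def audit_acl_line(line):
    """Return the QoS-relevant facts for one extended ACL entry."""
    opts, errors = {}, []
    for name, raw in OPTION_RE.findall(line):
        if not raw.isdigit() or int(raw) > RANGES[name]:
            errors.append(f"{name} {raw}: expected 0-{RANGES[name]}")
        else:
            opts[name] = int(raw)
    queue = opts.get("internal-priority-marking")
    return {
        "options": opts,
        "errors": errors,
        # dscp-matching only selects packets; the -marking options alter them.
        "remarks_packet": any(k.endswith("-marking") for k in opts),
        # An explicit internal priority picks the queue, overriding port priority.
        "queue": None if queue is None else f"qosp{queue}",
    }


def high_queue_entries(config_text, threshold=6):
    """List (ACL number, queue) for entries steering traffic to qosp<threshold>+."""
    hits = []
    for line in map(str.strip, config_text.splitlines()):
        if not line.startswith("access-list "):
            continue
        result = audit_acl_line(line)
        prio = result["options"].get("internal-priority-marking")
        if prio is not None and prio >= threshold:
            hits.append((line.split()[1], result["queue"]))
    return hits

if __name__ == "__main__":
    print(high_queue_entries(SAMPLE))
```

Because internal-priority-marking overrides port-based priority settings, entries reported by high_queue_entries are worth reviewing whenever an ACL uses a broad match such as "any any".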

ACL-based rate limiting

ACL-based rate limiting provides the facility to limit the rate for IP traffic that matches the permit
conditions in extended IP ACLs. This feature is available in the Layer 2 and Layer 3 code.