User's guide
Chapter 12 Access Control Lists 215
Parameter Description
rule <num> The ID number for this rule.
-rank=<number> A specific rank for the evaluation order of this rule. If you do not specify a rank, the Fabric
Interconnect assigns a default rank based on the size (in bits) of the information in the
condition definition. Thus, if all rules in a set are defined according to different types of
information, the default ranks are unambiguous and you do not need to assign a specific
rank to your rules.
For example, if Rule 1 has a condition based on a source IP address while Rule 2 has a
condition based on both destination IP address and destination port, Rule 2 will always be
evaluated before Rule 1. If, however, your condition definitions include the same amount of
information, the order of evaluation will be unpredictable.
For example, if Rule 3 has a condition based on a source IP address while Rule 4 has a
condition based on a destination IP address, evaluation of those rules can occur in either
order. A packet that satisfies both conditions might have Rule 4 applied to it sometimes and
Rule 3 applied to it other times. If this behavior is unacceptable, or if you need the order to
be different from that resulting from the default rank assignment, you must provide a
specific rank.
To provide a specific rank, use the -rank modifier and provide a number. Ranks begin
with zero (0). Rules with lower rank numbers are evaluated before rules with higher rank numbers.
enqueue <num> Each vNIC uses only one queue by default (queue 0). If the condition matches, the system
puts the packet into this queue number (from 0 to 7). Thereafter, a policy (i.e., a shaper) can
be applied to the queue.
learn The system starts counting the number of packets that matched the condition. If a LAG
exists and you create an ACL rule with the learn action, flows that terminate on the LAG
can have incorrect counters or not appear at all.
mark The result of an ACL classification rule can specify marking a packet. This option applies
priority marking to the packet using a supported marking algorithm:
• 802.1p marking
• IP precedence marking
• DSCP marking (specify a single even number or a range of even numbers)
Only one of the three marking mechanisms can be specified at a time. Setting one of them
negates the other two.
When the queue number (offsets 0 - 7) is specified, the marked packet is placed on the
specified queue. See “Application QoS With Ingress 802.1p and IP Precedence Mapping” on
page 206.
nolearn The system does not count the number of packets that matched the condition.
police Applies a QoS policer to the matched packet. The bandwidth can be limited to a specific
level.
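
The -rank description above says that rules whose conditions carry the same amount of information are evaluated in an unpredictable order. The following audit sketch is an added example, not code from this guide or from the Fabric Interconnect; it lists the rule pairs in a rule set that need an explicit rank. The rule dictionaries, field names, field widths (32-bit IPv4 address, 16-bit port), sample addresses, and the conservative handling of a ranked rule paired with an unranked one are all assumptions.

```python
from itertools import combinations

# Assumed field widths in bits (IPv4 address, TCP/UDP port). The guide only
# says the default rank depends on the size in bits of the condition.
FIELD_BITS = {"src_ip": 32, "dst_ip": 32, "src_port": 16, "dst_port": 16}

def condition_bits(rule):
    """Total size in bits of the fields the rule's condition matches on."""
    return sum(FIELD_BITS[field] for field in rule["cond"])

def can_both_match(a, b):
    """One packet can satisfy both conditions unless a shared field differs."""
    shared = a["cond"].keys() & b["cond"].keys()
    return all(a["cond"][f] == b["cond"][f] for f in shared)

def order_is_defined(a, b):
    """True when the guide's rules fix which of the two is evaluated first."""
    if a["rank"] is not None and b["rank"] is not None:
        return a["rank"] != b["rank"]  # explicit, distinct ranks
    if a["rank"] is None and b["rank"] is None:
        return condition_bits(a) != condition_bits(b)  # default ranks
    # One explicit rank, one default: the guide gives no default rank values,
    # so this audit conservatively treats the order as unknown (assumption).
    return False

def ambiguous_pairs(rules):
    """Return sorted (id, id) pairs that can hit one packet in either order."""
    ordered = sorted(rules, key=lambda r: r["id"])
    return [(a["id"], b["id"]) for a, b in combinations(ordered, 2)
            if can_both_match(a, b) and not order_is_defined(a, b)]

def with_ranks(rules, ranks):
    """Copy of the rule set with explicit ranks applied ({rule id: rank})."""
    return [dict(r, rank=ranks.get(r["id"], r["rank"])) for r in rules]

# Constructed sample rule set shaped like Rules 1-4 in the text above.
RULES = [
    {"id": 1, "rank": None, "cond": {"src_ip": "192.0.2.10"}},
    {"id": 2, "rank": None, "cond": {"dst_ip": "198.51.100.5", "dst_port": 443}},
    {"id": 3, "rank": None, "cond": {"src_ip": "192.0.2.20"}},
    {"id": 4, "rank": None, "cond": {"dst_ip": "198.51.100.7"}},
]

if __name__ == "__main__":
    print("default ranks:", ambiguous_pairs(RULES))
    print("all ranked:", ambiguous_pairs(with_ranks(RULES, {2: 0, 3: 1, 1: 2, 4: 3})))
```

With default ranks, the sample set reports the pairs (1, 4) and (3, 4); assigning a distinct rank to every rule clears the report.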