User's guide
216 XgOS User’s Guide • September 2014
Example
set acl foo rule 3 action learn ingress
Setting Conditions
An ACL condition is a match-test rule to perform on a packet. A condition defines
rules for fields the system checks during packet processing. Operators are available
to match strings in those fields that follow a specific pattern.
Rule conditions, and rules themselves, can be modified and reassigned on the fly. If
an ACL is created and bound to an I/O module, you can change the ACL or any of
its component rules without removing the ACL or turning down the I/O module.
Setting or redefining conditions for an ACL rule occurs through the set acl
command.
Syntax
set acl <set-name> rule <num> condition <def> [-rank=<number>]
A condition <def> encompasses the following general form:
<field-name><operator><value>
where any of the following are supported:
dest {ipaddr<oper><val> mask<value>|mac<oper><val> mask<value>|port <oper><val>}
src {ipaddr<oper><val> mask<value>|mac<oper><val> mask<value>|port <oper><val>}
dot1p <oper> <number-or-range>
dscp <oper> <number-or-range>
protocol {icmp|igmp|<number>|tcp|udp}
tos <oper> <number-or-range>
vlan <oper> <number-or-range>
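Because conditions can be changed on a live, bound ACL, it helps to check a change script against the syntax above before it is applied. The following Python checker is an added example, not part of XgOS or of this guide; it validates only the keywords listed above, does not check operator spelling (the operators are not listed on this page), and assumes <number> for protocol is an IP protocol number from 0 to 255.

```python
import re

# Keywords taken from the syntax listing above; nothing else is assumed valid.
OPERATOR_FIELDS = {"dot1p", "dscp", "tos", "vlan"}
ADDRESS_SUBFIELDS = ("ipaddr", "mac", "port")
NAMED_PROTOCOLS = {"icmp", "igmp", "tcp", "udp"}

COMMAND = re.compile(
    r"^set\s+acl\s+(?P<acl>\S+)\s+rule\s+(?P<rule>\d+)\s+condition\s+"
    r"(?P<cond>.+?)(?:\s+-rank=(?P<rank>\d+))?$"
)

def check_condition(line):
    """Return a list of problems found in one 'set acl ... condition' line."""
    m = COMMAND.match(line.strip())
    if not m:
        return ["not of the form: set acl <set-name> rule <num> condition <def>"]
    cond = m.group("cond")
    # The field keyword is the leading alphanumeric run, so "vlan <oper> 5"
    # and the unspaced <field-name><operator><value> form both work.
    field = re.match(r"[a-z0-9]*", cond).group(0)
    rest = cond[len(field):].strip()
    if field == "protocol":
        # Assumption: <number> is an IP protocol number (8-bit header field).
        if rest in NAMED_PROTOCOLS or (rest.isdigit() and int(rest) <= 255):
            return []
        return [f"protocol {rest!r} is not icmp, igmp, tcp, udp or 0-255"]
    if field in ("dest", "src"):
        if rest.startswith(ADDRESS_SUBFIELDS):
            return []
        return [f"{field} must be followed by ipaddr, mac or port"]
    if field in OPERATOR_FIELDS:
        return [] if rest else [f"{field} needs <oper> and a number or range"]
    return [f"unknown condition field {field!r}"]

def lint(script):
    """Map 1-based line numbers of a change script to the problems found."""
    report = {}
    for number, line in enumerate(script.splitlines(), start=1):
        if line.strip() and (problems := check_condition(line)):
            report[number] = problems
    return report

# Constructed sample change script (ACL name and rule number as in the example).
SAMPLE = """set acl foo rule 3 condition protocol tcp -rank=1
set acl foo rule 3 condition protocol 300
set acl foo rule 3 condition protcol udp
set acl foo rule 3 condition dest addr"""

if __name__ == "__main__":
    for number, problems in lint(SAMPLE).items():
        print(number, "; ".join(problems))
```
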