System information
278
DWS-1008 CLI Reference Guide
D-Link Systems, Inc.
Security ACL Commands
code icmp-code For ICMP messages filtered by type, additionally filters ICMP
messages by code. Specify a value from 0 through 255. (For a list of
ICMPmessage type and code numbers, see
www.iana.org/assignments/icmp-parameters.)
precedence Filters packets by precedence level. Specify a value from 0
precedence through 7:
• 0 - routine precedence
• 1 - priority precedence
• 2 - immediate precedence
• 3 - flash precedence
• 4 - flash override precedence
• 5 - critical precedence
• 6 - internetwork control precedence
• 7 - network control precedence
tos tos Filters packets by type of service (TOS) level. Specify one of the
following values, or any sum of these values up to 15. For example,
a tos value of 9 filters packets with the TOS levels minimum delay
(8) and minimum monetary cost (1).
• 8 - minimum delay
• 4 - maximum throughput
• 2 - maximum reliability
• 1 - minimum monetary cost
• 0 - normal
established For TCP packets only, applies the ACE only to established TCP
sessions and not to new TCP sessions.
before Inserts the new ACE in front of another ACE in the
editbuffer-index security ACL. Specify the number of the existing ACE in the edit
buffer. Index numbers start at 1. (To display the edit buffer, use
show security acl editbuffer.)
modify Replaces an ACE in the security ACL with the new ACE.
editbuffer-index Specify the number of the existing ACE in the edit buffer. Index
numbers start at 1. (To display the edit buffer, use show security
acl editbuffer.)
hits Tracks the number of packets that are filtered based on a security
ACL, for all mappings.
Defaults: Permitted packets are assigned to class-of-service (CoS) class 0 by default.
Access: Enabled
Usage: The switch does not apply security ACLs until you activate them with the commit
security acl command and map them to a VLAN, port, or virtual port, or to a user. If the
switch is reset or restarted, any ACLs in the edit buffer are lost.