Specifications

ManualsBrandsEnterasys ManualsComputer equipmentRBT-8200

561

562

563

564

565

566

567

568

569

570

14-12 Security ACL Commands

Defaults

Bydefault,permittedpacketsareclassifiedbasedonDSCPvalue,whichisconvertedintoan

internalCoSvalueintheswitch’sCoSmap.ThepacketisthenmarkedwithaDSCPvaluebased

ontheinternalCoSvalue.IftheACEcontainsthecosoption,thisoptionoverridestheswitch’s

CoS

mapandmarksthepacketbasedontheACE.

Mode

Enabled.

Usage

TheRoamAboutSwitchdoesnotapplysecurityACLsuntilyouactivatethemwiththecommit

securityaclcommandandmapthemtoaVLAN,port,orvirtualport,ortoauser.Ifthe

RoamAboutSwitchisresetorrestarted,anyACLsintheeditbufferarelost.

Youcannotperform

ACLfunctionsthatincludepermitting,denying,ormarkingwithaClassof

Service(CoS)levelonpacketswithamulticastorbroadcastdestinationaddress.

TheorderofsecurityACEsinasecurityACLisimportant.OnceanACLisactive,itsACEsare 

checkedaccordingtotheirorderintheACL.

IfanACEcriterionismet,itsactiontakesplaceand

anyACEsthatfollowareignored.

ACEsarelistedintheorderinwhichyoucreatethem,unlessyoumovethem.Topositionsecurity

ACEswithinasecurityACL,usebeforeeditbuffer‐indexandmodifyeditbuffer‐index.

established ForTCP

packetsonly,appliestheACEonlytoestablishedTCPsessionsand

nottonewTCPsessions.

beforeeditbuffer‐

index

InsertsthenewACEinfrontofanotherACEinthesecurityACL.Specify

thenumberoftheexistingACEintheeditbuffer.Indexnumbersstartat1.

(Todisplaytheedit

buffer,useshowsecurityacleditbuffer.)

modifyeditbuffer‐

index

ReplacesanACEinthesecurityACLwiththenewACE.Specifythe

numberoftheexistingACEintheeditbuffer.Indexnumbersstartat1.(To

displaytheeditbuffer,useshowsecurityacleditbuffer.)

hits Tracksthenumberof

packetsthatarefilteredbasedonasecurityACL,for

allmappings.

Notes:

•The any option is supported for the source or destination IP address and mask. This option is

equivalent to 0.0.0.0 255.255.255.255.

•The any option is shown in the configuration file as 0.0.0.0 255.255.255.255, regardless of

whether you specify any or 0.0.0.0 255.255.255.255 when you configure the ACE.

Note: The dscp codepoint is added. This option enables you to filter based on a packet’s

Differentiated Services Code Point (DSCP) value.