User guide

ManualsBrandsExtreme Networks ManualsComputer equipmentSummit Summit4

Using Access Control Lists

Summit24e3 Switch Installation and User Guide 99

create rate-limit <rule_name>

access-mask <access-mask name>

{dest-mac <dest_mac>}

{source-mac <src_mac>}

{vlan <name>}

{ethertype [IP | ARP | <hex_value>]}

{tos <ip_precedence>

| code-point <code_point>}

{ipprotocol

[tcp|udp|icmp|igmp|<protocol_num>]}

{dest-ip <dest_IP>/<mask length>}

{dest-L4port <dest_port>}

{source-ip <src_IP>/<mask length>}

{source-L4port <src_port> | {icmp-type

<icmp_type>} {icmp-code <icmp_code>}}

{egressport <port>}

{port <port number>}

permit {qosprofile <qosprofile>}

{set code-point <code_point>}

{set dot1p <dot1p_value>}

limit <rate_in_Mbps>

{exceed-action [drop

| set code-point <code_point>}

Creates a rate limit. The rule is applied to all

ingress packets. Options include:

• <rule_name> — Specifies the rate limit

name. The name can be between 1 and 31

characters.

• access-mask — Specifies the associated

access mask. Any field specified in the

access mask must have a corresponding

value specified in the rate limit.

• dest-mac — Specifies the destination MAC

address.

• source-mac — Specifies the source MAC

address.

• vlan — Specifies the VLANid.

• ethertype — Specify IP, ARP, or the hex

value to match.

• tos — Specifies the IP precedence value.

• code-point — Specifies the DiffServ code

point value.

• ipprotocol — Specify an IP protocol, or

the protocol number

• dest-ip — Specifies the IP destination

address and subnet mask. A mask length of

32 indicates a host entry.

• dest-L4port — Specify the destination

port.

• source-ip — Specifies the IP source

address and subnet mask.

• source-L4port — Specify the source port.

• icmp-type — Specify the ICMP type.

• icmp-code — Specify the ICMP code.

• egressport — Specify the egress port

• port — Specifies the ingress port to which

this rule is applied.

• permit — Specifies the packets that match

the access list description are permitted to be

forward by this switch. An optional QoS profile

can be assigned to the access list, so that the

switch can prioritize packets accordingly.

• set — Modify the DiffServ code point or the

802.1p value for matching, forwarded,

packets.

• limit — Specifies the rate limit

• <rate_in_Mbps> — The rate limit. Allowed

values are 1-100 Mbps for 100BT ports, 8,

16, 24, 32... 1000 for the Gigabit ports

• exceed-action — Action to take for

matching packets that exceed the rate.

delete access-list <name> Deletes an access list.

Table 25: Access Control List Configuration Commands (continued)

Command Description