Owner's Manual

306 | Chapter 13. ACLs
NETGEAR 8800 User Manual
IP ARP cache, otherwise the packet is forwarded normally. Only fast path traffic can be
redirected. This capability can be used to implement Policy-Based Routing.
You may want to create a static ARP entry for the redirection IP address, so that there will
always be a cache entry. See Policy-Based Routing on page 337 for more information.
Replacing DSCP or 802.1p Fields
Specify a QoS profile for matching packets. The field values are replaced with the value
associated with that profile. In the following example, DiffServ replacement is configured such
that QP8 is mapped to code point 56. Matching packets are sent to QP8, and the DSCP
value in the packet is set to 56.
    entry voice_entry {
        if {
            source-address 2.2.2.2/32;
        } then {
            qosprofile qp8;
            replace-dscp;
        }
    }
See Chapter 15, QoS for more details about QoS profiles, and 802.1p and DSCP
replacement.
ACL Rule Syntax Details
Table 31 lists the match conditions that can be used with ACLs, and whether the condition
can be used for ingress ACLs only, or with both ingress and egress. The conditions are
case-insensitive; for example, the match condition listed in the table as TCP-flags can also be
written as tcp-flags. Within Table 31 are five different data types used in matching packets.
Table 32 lists the data types and details on using them.
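The case-insensitive condition names, the ethernet-type text synonyms and the ingress-only restriction that Table 31 gives for the Ethernet conditions can be checked before a policy is applied. The Python below is an added example, not NETGEAR code: `parse_policy`, `ethernet_type_value`, `lint` and the `v6_only` entry are hypothetical names, only the two Ethernet conditions are known to it, and it assumes the synonyms are case-insensitive like the condition names.

```python
import re

# Text synonyms for ethernet-type, as listed in Table 31.
ETHER_SYNONYMS = {"ether-p-ip": 0x0800, "ether-p-8021q": 0x8100, "ether-p-ipv6": 0x86DD}
# Conditions that Table 31 marks "Ingress only" (the two Ethernet rows).
INGRESS_ONLY = {"ethernet-type", "ethernet-source-address"}

ENTRY_RE = re.compile(
    r"entry\s+(\S+)\s*\{\s*if\s*\{(.*?)\}\s*then\s*\{(.*?)\}\s*\}", re.S)

def parse_policy(text):
    """Return [(name, {condition: value}, [actions])], condition names lower-cased."""
    entries = []
    for name, conds, acts in ENTRY_RE.findall(text):
        matches = {}
        for stmt in filter(None, (s.strip() for s in conds.split(";"))):
            key, *rest = stmt.split(None, 1)
            matches[key.lower()] = rest[0] if rest else ""
        actions = [a.strip().lower() for a in acts.split(";") if a.strip()]
        entries.append((name, matches, actions))
    return entries

def ethernet_type_value(value):
    """Resolve a text synonym or a numeric string to an integer EtherType."""
    v = value.lower()  # assumption: synonyms are case-insensitive
    return ETHER_SYNONYMS[v] if v in ETHER_SYNONYMS else int(v, 0)

def lint(text, direction):
    """List findings for a policy to be applied as an 'ingress' or 'egress' ACL."""
    findings = []
    for name, matches, _ in parse_policy(text):
        for cond, value in matches.items():
            if direction == "egress" and cond in INGRESS_ONLY:
                findings.append(f"{name}: {cond} is ingress-only")
            if cond == "ethernet-type":
                try:
                    ethernet_type_value(value)
                except ValueError:
                    findings.append(f"{name}: unknown ethernet-type {value!r}")
    return findings

# Constructed sample: the manual's voice_entry plus a hypothetical entry.
SAMPLE = """
entry voice_entry { if { source-address 2.2.2.2/32; } then { qosprofile qp8; replace-dscp; } }
entry v6_only { if { Ethernet-Type ETHER-P-IPV6; } then { qosprofile qp8; } }
"""

if __name__ == "__main__":
    print(lint(SAMPLE, "ingress"), lint(SAMPLE, "egress"))
```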
Table 31. ACL Match Conditions

| Match Conditions | Description | Applicable IP Protocols/Direction |
|---|---|---|
| ethernet-type <number> | Ethernet packet type. In place of the numeric value, you can specify one of the following text synonyms (the field values are also listed): ETHER-P-IP (0x0800), ETHER-P-8021Q (0x8100), ETHER-P-IPV6 (0x86DD). | Ethernet/Ingress only |
| ethernet-source-address <mac-address> | Ethernet source MAC address | Ethernet/Ingress only |