Owner's Manual

332 | Chapter 13. ACLs
NETGEAR 8800 User Manual
Egress ACLs
Each of the 4 egress slices can be configured to one of the 3 combinations below. The match
conditions of every rule installed into a particular slice should be a subset of the
combination to which that slice is configured.
Following is the table of the available combinations:
Combination 1:
<vlan-id, ethernet-source-address, ethernet-destination-address, ethernet-type>
Combination 2:
<vlan-id, diffserv-codepoint/ip-tos, destination-address, source-address,
protocol, destination-port, source-port, tcp-flags>
Combination 3:
<vlan-id, ip-tos, destination-address<ipv6>, source-address<ipv6>, protocol>
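The subset rule above, as an added example that is not taken from the NETGEAR manual: this Python script parses entries written in the policy syntax used on this page and reports which of the three egress combinations can hold each rule. The function names, the sample entries other than ex_A, and the treatment of combination 2 addresses as IPv4 are assumptions.

```python
import re

# The three egress combinations listed above. Assumption: combination 2
# addresses are IPv4, since the page tags only combination 3 with <ipv6>.
COMBINATIONS = {
    1: {"vlan-id", "ethernet-source-address", "ethernet-destination-address",
        "ethernet-type"},
    2: {"vlan-id", "diffserv-codepoint", "ip-tos", "destination-address",
        "source-address", "protocol", "destination-port", "source-port",
        "tcp-flags"},
    3: {"vlan-id", "ip-tos", "destination-address<ipv6>",
        "source-address<ipv6>", "protocol"},
}
ENTRY_RE = re.compile(r"entry\s+(\S+)\s*\{\s*if[^{]*\{(.*?)\}\s*then", re.S)

def match_fields(policy_text):
    """Map each entry name to the set of match keywords in its if-block."""
    entries = {}
    for name, body in ENTRY_RE.findall(policy_text):
        fields = set()
        for cond in body.split(";"):
            parts = cond.split(None, 1)
            if not parts:
                continue
            keyword, value = parts[0], parts[1] if len(parts) > 1 else ""
            # Assumption: a ':' in an IP address value means IPv6.
            if keyword in ("source-address", "destination-address") and ":" in value:
                keyword += "<ipv6>"
            fields.add(keyword)
        entries[name] = fields
    return entries

def usable_combinations(fields):
    """Combinations whose field list covers every match keyword of a rule."""
    return [n for n, allowed in COMBINATIONS.items() if fields <= allowed]

# Constructed sample: ex_A is the page's entry; the other entries are made up.
SAMPLE_POLICY = """
entry ex_A { if { source-address 10.10.10.0/24 ; destination-port 23 ;
                  protocol tcp ; } then { deny ; } }
entry ex_v6 { if { source-address 2001:db8::/32 ; protocol tcp ; } then { deny ; } }
entry ex_l2 { if { ethernet-type 0x0806 ; vlan-id 10 ; } then { deny ; } }
entry ex_mix { if { ethernet-type 0x0800 ; destination-port 23 ; } then { deny ; } }
"""

if __name__ == "__main__":
    for name, fields in match_fields(SAMPLE_POLICY).items():
        combos = usable_combinations(fields)
        print(name, sorted(fields), combos or "fits no egress combination")
```

An entry such as ex_mix, which mixes a Layer 2 field with a Layer 4 port, fits none of the three combinations, so it is worth checking a policy this way before applying it as an egress ACL.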
Use Table 35 to determine which ACL entries are compatible. If the entries are compatible,
they can be on the same slice.
For example, the entries from the earlier example are applied to ports:
entry ex_A {
    if {
        source-address 10.10.10.0/24 ;
        destination-port 23 ;
        protocol tcp ;
    } then {
        deny ;
    }
}
entry ex_B {

Table 35. Field Selectors, NETGEAR 8800 Series (Continued)
Field 1 Field 2 Field 3
TOS, VRF, IP-Proto
MACDA, DIP, Etype, VID
MACSA, SIP, Etype, VID
"User Defined Field" 1
"User Defined Field" 2
DIP, SIP, IP-Proto, L4DP, L4SP, DSCP, TCP-Ctrl, Frag-Info
DIP, SIP, IP-Proto, L4DP, L4-range, DSCP, TCP-ctrl, Frag-Info
DIP, SIP, IP-Proto, L4-Range, L4SP, DSCP, TCP-Ctrl, Frag-Info