Hub/Switch Reference Guide

ManualsBrandsNortel Networks ManualsSwitch2300 Series

461

462

463

464

465

466

467

468

469

470

Security ACL Commands 467

Nortel WLAN—Security Switch 2300 Series Command Line Reference

Defaults

By default, permitted packets are classified based on DSCP value, which is converted into an

internal CoS value in the switch’s CoS map. The packet is then marked with a DSCP value based on the

internal CoS value. If the ACE contains the cos option, this option overrides the switch’s CoS map and marks

the packet based on the ACE.

Access

Enabled.

precedence precedence Filters packets by precedence level. Specify a value from 0 through

• 0—routine precedence

• 1—priority precedence

• 2—immediate precedence

• 3—flash precedence

• 4—flash override precedence

• 5—critical precedence

• 6—internetwork control precedence

• 7—network control precedence

tos tos Filters packets by type of service (TOS) level. Specify one of the

following values, or any sum of these values up to 15. For example,

a tos value of 9 filters packets with the TOS levels minimum delay

(8) and minimum monetary cost (1).

• 8—minimum delay

• 4—maximum throughput

• 2—maximum reliability

• 1—minimum monetary cost

• 0—normal

dscp codepoint Filters packets by Differentiated Services Code Point (DSCP)

value. You can specify a number from 0 to 63, in decimal or binary

format.

Note: You cannot use the dscp option along with the precedence

and tos options in the same ACE. The CLI rejects an ACE that has

this combination of options.

established For TCP packets only, applies the ACE only to established TCP

sessions and not to new TCP sessions.

before editbuffer-index Inserts the new ACE in front of another ACE in the security ACL.

Specify the number of the existing ACE in the edit buffer. Index

numbers start at 1. (To display the edit buffer, use show security acl

editbuffer.)

modify editbuffer-index Replaces an ACE in the security ACL with the new ACE. Specify

the number of the existing ACE in the edit buffer. Index numbers

start at 1. (To display the edit buffer, use show security acl

editbuffer.)

hits Tracks the number of packets that are filtered based on a security

ACL, for all mappings.