Operation Manual
Security ACL Commands
Mobility System Software Command Reference Guide
Version 7.3
precedence precedence
Filters packets by precedence level. Specify a value from 0 through 7:
❑ 0—routine precedence
❑ 1—priority precedence
❑ 2—immediate precedence
❑ 3—flash precedence
❑ 4—flash override precedence
❑ 5—critical precedence
❑ 6—internetwork control precedence
❑ 7—network control precedence

tos tos
Filters packets by type of service (TOS) level. Specify one of the following values,
or any sum of these values up to 15. For example, a tos value of 9 filters packets
with the TOS levels minimum delay (8) and minimum monetary cost (1).
❑ 8—minimum delay
❑ 4—maximum throughput
❑ 2—maximum reliability
❑ 1—minimum monetary cost
❑ 0—normal

dscp codepoint
Filters packets by Differentiated Services Code Point (DSCP) value. You can
specify a number from 0 to 63, in decimal or binary format.
Note: You cannot use the dscp option along with the precedence and
tos options in the same ACE. The CLI rejects an ACE that has this
combination of options.

established
For TCP packets only, applies the ACE only to established TCP sessions and not
to new TCP sessions.

before editbuffer-index
Inserts the new ACE in front of another ACE in the security ACL. Specify the
number of the existing ACE in the edit buffer. Index numbers start at 1. (To
display the edit buffer, use show security acl editbuffer.)

modify editbuffer-index
Replaces an ACE in the security ACL with the new ACE. Specify the number of
the existing ACE in the edit buffer. Index numbers start at 1. (To display the edit
buffer, use show security acl editbuffer.)

hits
Tracks the number of packets that are filtered based on a security ACL, for all
mappings.

Defaults
By default, permitted packets are classified based on DSCP value, which is converted
into an internal CoS value in the switch’s CoS map. The packet is then marked with a DSCP value
based on the internal CoS value. If the ACE contains the cos option, this option overrides the
switch’s CoS map and marks the packet based on the ACE.

Access
Enabled.

History
MSS Version 1.0 Command introduced
MSS Version 1.1 ACL names changed from case-sensitive to case-insensitive
MSS Version 3.0 capture option deprecated
MSS Version 4.1 The any option is supported for the source or destination IP address and mask. This
option is equivalent to 0.0.0.0 255.255.255.255.
Note: The any option is shown in the configuration file as
0.0.0.0 255.255.255.255, regardless of whether you specify any or
0.0.0.0 255.255.255.255 when you configure the ACE.
The dscp codepoint is added. This option enables you to filter based on a packet
Differentiated Services Code Point (DSCP) value.
MSS Version 6.2 Using MAC addresses to define ACLs is now supported.
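
The ranges for the precedence, tos and dscp options and the dscp exclusion rule described above, as an added example in Python (not code from the MSS manual or the switch; the function names are hypothetical). It goes beyond the page by also showing which precedence and tos bits a DSCP value overlaps under the standard IP header layout; treating dscp together with either precedence or tos as the rejected combination is an assumption about the CLI rule.

```python
# Added example: pre-checks the QoS filter options of an ACE before it is
# entered at the CLI. Not MSS code; names and messages are hypothetical.
TOS_LEVELS = {8: "minimum delay", 4: "maximum throughput",
              2: "maximum reliability", 1: "minimum monetary cost"}


def decode_tos(tos):
    """Expand a tos sum (0 through 15) into the TOS levels it selects."""
    if not 0 <= tos <= 15:
        raise ValueError("tos must be a sum of 8, 4, 2 and 1 (0 through 15)")
    return [name for bit, name in TOS_LEVELS.items() if tos & bit] or ["normal"]


def check_qos_options(precedence=None, tos=None, dscp=None):
    """Return a list of problems; an empty list means the options are acceptable."""
    problems = []
    if precedence is not None and not 0 <= precedence <= 7:
        problems.append("precedence must be 0 through 7")
    if tos is not None and not 0 <= tos <= 15:
        problems.append("tos must be 0 through 15")
    if dscp is not None and not 0 <= dscp <= 63:
        problems.append("dscp must be 0 through 63")
    # Assumption: dscp with either precedence or tos is the rejected combination.
    if dscp is not None and (precedence is not None or tos is not None):
        problems.append("dscp cannot be combined with precedence or tos")
    return problems


def dscp_as_precedence_tos(dscp):
    """Split a DSCP value into the precedence and tos fields it overlaps.

    Assumes the standard IP header layout: DSCP is the top 6 bits of the
    TOS byte, precedence is the top 3 bits, and the 4 tos bits follow.
    """
    tos_byte = dscp << 2
    return tos_byte >> 5, (tos_byte >> 1) & 0x0F


if __name__ == "__main__":
    print(decode_tos(9))                           # the page's tos 9 example
    print(check_qos_options(precedence=5, tos=9))  # acceptable combination
    print(check_qos_options(dscp=46, tos=8))       # rejected combination
    print(dscp_as_precedence_tos(46))              # fields that DSCP 46 overlaps
```
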