Qtech QSW-3200-28T User Manual online [62/136] 481609

+7(495) 797-3311 www.qtech.ru
Moscow, Novozavodskaya St., 18, bldg. 1
The number ID of a layer 2 ACL is in the range of 200 to 299.
The interface parameter in the command above specifies a layer 2 interface, such as an Ethernet interface.
For the meaning of each parameter, refer to the corresponding command line.
(2) Define layer 2 ACL with name ID.
A layer 2 ACL with name ID is identified by its name.
Instruction:
To define a layer 2 ACL with name ID, first enter its configuration mode: use the access-list
link command in global configuration mode, which can also specify the matching order of the ACL.
Use the exit command to leave this mode.
Use the following commands to define a layer 2 ACL with name ID. Configure each one in the
corresponding mode.
Enter layer 2 ACL with name ID configuration mode (global configuration mode)
access-list link name [ match-order { config | auto } ]
Define a layer 2 ACL rule (layer 2 ACL with name ID configuration mode)
{ permit | deny } [ protocol ] [ cos vlan-pri ] ingress { { [ source-vlan-id ] [ source-mac-addr source-mac-wildcard ] [ interface interface-num ] } | any } egress { { [ dest-mac-addr dest-mac-wildcard ] [ interface interface-num | cpu ] } | any } [ time-range time-range-name ]
Delete all subitems or one subitem of an ACL with number ID or name ID, or delete all ACLs
(global configuration mode)
no access-list { all | { access-list-number | name access-list-name } [ subitem ] }
Use the { permit | deny } command repeatedly to define more rules for the same ACL. The
matching order, once specified, cannot be modified.
By default, the matching order is the user-configured order (config).
For the meaning of each parameter, refer to the corresponding command line.
User-defined ACL
The switch can define at most 100 user-defined ACLs with number ID (the number is in the
range of 300 to 399), at most 1000 user-defined ACLs with name ID, and 3000 sub-rules in
total. An ACL can have 128 sub-rules (this applies to ACLs with name ID and with number ID
alike). A user-defined ACL can match any byte in the first 64 bytes of a data frame, as
defined by the user, and can match on ingress and egress so that the data packet is handled
accordingly. Using user-defined ACLs correctly requires a good understanding of the structure
of the layer 2 data frame. Inside the switch, a packet takes the form of an 802.3 frame with
SNAP+tag, so a user-defined ACL should be configured against the 802.3 SNAP+tag frame layout.
The correspondence between offset values and fields of the 802.3 SNAP+tag frame is as
follows:
Description                                     Offset value   Description                                      Offset value
Destination MAC address                         0              TTL field                                        34
Source MAC address                              6              Protocol number (6 means TCP, 17 means UDP)      35
VLAN tag field                                  12             IP checksum                                      36
Length field of data frame                      16             Source IP address                                38
DSAP (destination service access point) field   18             Destination IP address                           42
SSAP (source service access point) field        19             TCP source interface                             46
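
The following is an added example, not part of the Qtech manual: it builds a constructed 802.3 SNAP+tag frame, reads the fields at the offsets listed in the table above, and models byte matching limited to the first 64 bytes. The function names, the value/mask form of a match condition and the sample addresses are assumptions made for illustration; this is not the switch's command syntax.

```python
import ipaddress
import struct

# (offset, size) pairs taken from the table above (802.3 frame, SNAP + VLAN tag).
OFFSETS = {
    "dst_mac": (0, 6), "src_mac": (6, 6), "vlan_tag": (12, 4),
    "length": (16, 2), "dsap": (18, 1), "ssap": (19, 1),
    "ttl": (34, 1), "protocol": (35, 1), "ip_checksum": (36, 2),
    "src_ip": (38, 4), "dst_ip": (42, 4), "tcp_src": (46, 2),
}
MATCH_WINDOW = 64  # per the manual, only the first 64 bytes can be matched


def build_sample_frame():
    """Constructed sample: a TCP SYN in an 802.3 SNAP+tag frame (checksums left 0)."""
    tcp = struct.pack("!HHIIBBHHH", 49152, 443, 0, 0, 0x50, 0x02, 8192, 0, 0)
    # 20-byte IP header without options; offset 46 for TCP only holds in that case.
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     ipaddress.ip_address("192.0.2.10").packed,
                     ipaddress.ip_address("198.51.100.20").packed)
    llc_snap = bytes.fromhex("aaaa03" "000000" "0800")  # DSAP, SSAP, ctrl, OUI, type
    payload = llc_snap + ip + tcp
    macs = bytes.fromhex("020000000002" "020000000001")  # destination, source
    tag = struct.pack("!HH", 0x8100, 100)                # TPID, VLAN 100
    return macs + tag + struct.pack("!H", len(payload)) + payload


def field(frame, name):
    """Return the raw bytes of a named field at its table offset."""
    off, size = OFFSETS[name]
    return frame[off:off + size]


def rule_matches(frame, conditions):
    """conditions: list of (offset, value, mask) byte strings; all must match."""
    for off, value, mask in conditions:
        end = off + len(value)
        if end > MATCH_WINDOW or end > len(frame):
            return False  # outside the matchable window or past the frame end
        if any((g ^ v) & m for g, v, m in zip(frame[off:end], value, mask)):
            return False
    return True
```
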