Administrator Guide
Layer 2 Switching Commands 270
•
{mirror | redirect}
interface-id
—Specifies the mirror or redirect Ethernet
interface to which packets matching this rule are copied or forwarded,
respectively.
•
rate-limit
rate burst-size
—Specifies the allowed rate of traffic as per the
configured rate in kbps, and burst-size in kbytes. Rate limits only apply to
permit rules.
– Rate – the committed rate in kilobits per second
– Burst-size – the committed burst size in Kilobytes.
Default Configuration
No ACLs are configured by default. An implicit deny all condition is added by
the system after the last MAC or IP/IPv6 access group if no route-map is
configured on the interface.
Command Mode
Ipv4-Access-List Configuration mode
User Guidelines
Administrators are cautioned to specify permit and deny rule matches as fully
as is possible in order to avoid false matches. Rules that specify an IP port
value should also specify the protocol and and relevant IP addresses or
subnets. In general, any rule that specifies matching on an upper layer
protocol field should also include matching constraints for lower layer
protocol fields. For example, a rule to match packets directed to the well-
known UDP port number 22 (SSH) should also include constraints on the IP
protocol field (UDP). IPv4 and IPv6 ACLs implicitly include the Ethertype in
the match criteria. Below is a list of commonly used ethertypes:
Ethertype Protocol
0x0800 Internet Protocol version 4 (IPv4)
0x0806 Address Resolution Protocol (ARP)
0x0842 Wake-on LAN Packet
0x8035 Reverse Address Resolution Protocol (RARP)
0x8100 VLAN tagged frame (IEEE 802.1Q)
2CSNXXX_SWUM204.book Page 270 Monday, January 25, 2016 1:25 PM