C H A P T E R 7 |
Quality of Service (QoS) Commands |
This chapter describes the Quality of Service (QoS) commands available in the FASTPATH® CLI.
The commands in this chapter are in two functional groups:
This chapter contains the following sections:
This section describes the commands you use to configure and view Class of Service (CoS) settings for the switch. The commands in this section allow you to control the priority and transmission rate of traffic.
Note - Commands you issue in the Interface Config mode only affect a single interface. Commands you issue in the Global Config mode affect all interfaces. |
This command maps an 802.1p priority to an internal traffic class. The <userpriority> values can range from 0-7. The <trafficclass> values range from 0-6, although the actual number of available traffic classes depends on the platform. For more information about 802.1p priority, see Provisioning (IEEE 802.1p) Commands.
This command maps each 802.1p priority to its default internal traffic class value.
This command maps an IP precedence value to an internal traffic class. The <ip-precedence> values can range from 0-7. The <trafficclass> values can range from 0-6, although the actual number of available traffic classes depends on the platform.
classofservice ip-precedence-mapping <ip-precedence> <trafficclass> |
|
---|---|
This command maps each IP precedence value to its default internal traffic class value.
This command maps an IP DSCP value to an internal traffic class. The <ipdscp> value is specified as either an integer from 0 to 63, or symbolically through one of the following keywords: af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, be, cs0, cs1, cs2, cs3, cs4, cs5, cs6, cs7, ef.
The <trafficclass> values can range from 0-6, although the actual number of available traffic classes depends on the platform.
This command maps each IP DSCP value to its default internal traffic class value.
This command sets the class of service trust mode of an interface. You can set the mode to trust one of the Dot1p (802.1p), IP DSCP, or IP Precedence packet markings. You can also set the interface mode to untrusted. If you configure an interface to use Dot1p, the mode does not appear in the output of the show running config command because Dot1p is the default.
classofservice trust {dot1p | ip-dscp | ip-precedence | untrusted} |
|
This command sets the interface mode to the default value.
This command specifies the minimum transmission bandwidth guarantee for each interface queue. The total number of queues supported per interface is platform specific. A value from 0-100 (percentage of link rate) must be specified for each supported queue, with 0 indicating no guaranteed minimum bandwidth. The sum of all values entered must not exceed 100.
This command restores the default for each queue's minimum bandwidth value.
This command activates the strict priority scheduler mode for each specified queue.
cos-queue strict <queue-id-1> [<queue-id-2> ... <queue-id-n>] |
|
---|---|
This command restores the default weighted scheduler mode for each specified queue.
no cos-queue strict <queue-id-1> [<queue-id-2> ... <queue-id-n>] |
|
---|---|
This command specifies the maximum transmission bandwidth limit for the interface as a whole. Also known as rate shaping, traffic shaping has the effect of smoothing temporary traffic bursts over time so that the transmitted traffic rate is bounded.
This command restores the interface shaping rate to the default value.
This command displays the current Dot1p (802.1p) priority mapping to internal traffic classes for a specific interface. The <slot/port> parameter is optional and is only valid on platforms that support independent per-port class of service mappings. If specified, the 802.1p mapping table of the interface is displayed. If omitted, the most recent global configuration settings are displayed. For more information, see Provisioning (IEEE 802.1p) Commands.
The following information is repeated for each user priority.
The traffic class internal queue identifier to which the user priority value is mapped. |
This command displays the current IP Precedence mapping to internal traffic classes for a specific interface. The slot/port parameter is optional and is only valid on platforms that support independent per-port class of service mappings. If specified, the IP Precedence mapping table of the interface is displayed. If omitted, the most recent global configuration settings are displayed.
The following information is repeated for each user priority.
The traffic class internal queue identifier to which the IP Precedence value is mapped. |
This command displays the current IP DSCP mapping to internal traffic classes for the global configuration settings.
The following information is repeated for each user priority.
The traffic class internal queue identifier to which the IP DSCP value is mapped.
This command displays the current trust mode setting for a specific interface. The <slot/port> parameter is optional and is only valid on platforms that support independent per-port class of service mappings. If you specify an interface, the command displays the port trust mode of the interface. If you do not specify an interface, the command displays the most recent global configuration settings.
This command displays the class-of-service queue configuration for the specified interface. The slot/port parameter is optional and is only valid on platforms that support independent per-port class of service mappings. If specified, the class-of-service queue configuration of the interface is displayed. If omitted, the most recent global configuration settings are displayed.
This section describes the commands you use to configure QOS Differentiated Services (DiffServ).
You configure DiffServ in several stages by specifying three DiffServ components:
The DiffServ class defines the packet filtering criteria. The attributes of a DiffServ policy define the way the switch processes packets. You can define policy attributes on a per-class instance basis. The switch applies these attributes when a match occurs.
Packet processing begins when the switch tests the match criteria for a packet. The switch applies a policy to a packet when it finds a class match within that policy.
The following rules apply when you create a DiffServ class:
A given class definition can contain a maximum of one reference to another class. You can combine the reference with other match criteria. The referenced class is truly a reference and not a copy since additions to a referenced class affect all classes that reference it. Changes to any class definition currently referenced by any other class must result in valid class definitions for all derived classes, otherwise the switch rejects the change. You can remove a class reference from a class definition.
The only way to remove an individual match criterion from an existing class definition is to delete the class and re-create it.
Note - Traffic to be processed by the DiffServ feature requires an IP header. |
This command sets the DiffServ operational mode to active. While disabled, the DiffServ configuration is retained and can be changed, but it is not activated. When enabled, Diffserv services are activated.
This command sets the DiffServ operational mode to inactive. While disabled, the DiffServ configuration is retained and can be changed, but it is not activated. When enabled, Diffserv services are activated.
Use the DiffServ class commands to define traffic classification. To classify traffic, you specify Behavior Aggregate (BA), based on DSCP and Multi-Field (MF) classes of traffic (name, match criteria)
This set of commands consists of class creation/deletion and matching, with the class match commands specifying Layer 3, Layer 2, and general match criteria. The class match criteria are also known as class rules, with a class definition consisting of one or more rules to identify the traffic that belongs to the class.
Note - Once you create a class match criterion for a class, you cannot change or delete the criterion. To change or delete a class match criterion, you must delete and re-create the entire class. |
The CLI command root is class-map.
This command defines a DiffServ class of type match-all. When used without any match condition, this command enters the class-map mode. The <class-map-name> is a case sensitive alphanumeric string from 1 to 31 characters uniquely identifying an existing DiffServ class.
Note - The class-map-name 'default' is reserved and must not be used. |
The class type of match-all indicates all of the individual match conditions must be true for a packet to be considered a member of the class.
Note - The CLI mode is changed to Class-Map Config when this command is successfully executed. |
This command eliminates an existing DiffServ class. The <class-map-name> is the name of an existing DiffServ class ( The class name 'default' is reserved and is not allowed here). This command may be issued at any time; if the class is currently referenced by one or more policies or by any other class, the delete action fails.
This command changes the name of a DiffServ class. The <class-map-name> is the name of an existing DiffServ class. The <new-class-map-name> parameter is a case-sensitive alphanumeric string from 1 to 31 characters uniquely identifying the class (The <class-map-name> ‘default’ is reserved and must not be used here).
This command adds to the specified class definition a match condition based on the value of the ethertype. The <ethertype> value is specified as one of the following keywords: appletalk, arp, ibmsna, ipv4, ipv6, ipx, mplsmcast, mplsucast, netbios, novell, pppoe, rarp or as a custom ethertype value in the range of 0x0600-0xFFFF.
Note - This command is not available on the Broadcom 5630x platform. |
This command adds to the specified class definition a match condition whereby all packets are considered to belong to the class.
This command adds to the specified class definition the set of match conditions defined for another class. The <refclassname> is the name of an existing DiffServ class whose match conditions are being referenced by the specified class definition.
This command removes from the specified class definition the set of match conditions defined for another class. The <refclassname> is the name of an existing DiffServ class whose match conditions are being referenced by the specified class definition.
This command adds to the specified class definition a match condition for the Class of Service value (the only tag in a single tagged packet or the first or outer 802.1Q tag of a double VLAN tagged packet). The value may be from 0 to 7.
Note - This command is not available on the Broadcom 5630x platform. |
This command adds to the specified class definition a match condition for the secondary Class of Service value (the inner 802.1Q tag of a double VLAN tagged packet). The value may be from 0 to 7.
Note - This command is not available on the Broadcom 5630x platform. |
This command adds to the specified class definition a match condition based on the destination MAC address of a packet. The <macaddr> parameter is any layer 2 MAC address formatted as six, two-digit hexadecimal numbers separated by colons (e.g., 00:11:22:dd:ee:ff). The <macmask> parameter is a layer 2 MAC address bit mask, which need not be contiguous, and is formatted as six, two-digit hexadecimal numbers separated by colons (e.g., ff:07:23:ff:fe:dc).
Note - This command is not available on the Broadcom 5630x platform. |
This command adds to the specified class definition a match condition based on the destination IP address of a packet. The <ipaddr> parameter specifies an IP address. The <ipmask> parameter specifies an IP address bit mask and must consist of a contiguous set of leading 1 bits.
This command adds to the specified class definition a match condition based on the destination layer 4 port of a packet using a single keyword or numeric notation. To specify the match condition as a single keyword, the value for <portkey> is one of the supported port name keywords. The currently supported <portkey> values are: domain, echo, ftp, ftpdata, http, smtp, snmp, telnet, tftp, www. Each of these translates into its equivalent port number. To specify the match condition using a numeric notation, one layer 4 port number is required. The port number is an integer from 0 to 65535.
This command adds to the specified class definition a match condition based on the value of the IP DiffServ Code Point (DSCP) field in a packet, which is defined as the high-order six bits of the Service Type octet in the IP header (the low-order two bits are not checked). The <dscpval> value is specified as either an integer from 0 to 63, or symbolically through one of the following keywords: af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, be, cs0, cs1, cs2, cs3, cs4, cs5, cs6, cs7, ef.
This command adds to the specified class definition a match condition based on the value of the IP Precedence field in a packet, which is defined as the high-order three bits of the Service Type octet in the IP header (the low-order five bits are not checked). The precedence value is an integer from 0 to 7.
This command adds to the specified class definition a match condition based on the value of the IP TOS field in a packet, which is defined as all eight bits of the Service Type octet in the IP header. The value of <tosbits> is a two-digit hexadecimal number from 00 to ff. The value of <tosmask> is a two-digit hexadecimal number from 00 to ff. The <tosmask> denotes the bit positions in <tosbits> that are used for comparison against the IP TOS field in a packet. For example, to check for an IP TOS value having bits 7 and 5 set and bit 1 clear, where bit 7 is most significant, use a <tosbits> value of a0 (hex) and a <tosmask> of a2 (hex).
Note - This “free form” version of the IP DSCP/Precedence/TOS match specification gives the user complete control when specifying which bits of the IP Service Type field are checked. |
This command adds to the specified class definition a match condition based on the value of the IP Protocol field in a packet using a single keyword notation or a numeric value notation.
To specify the match condition using a single keyword notation, the value for <protocol-name> is one of the supported protocol name keywords. The currently supported values are: icmp, igmp, ip, tcp, udp. A value of ip matches all protocol number values.
To specify the match condition using a numeric value notation, the protocol number is a standard value assigned by IANA and is interpreted as an integer from 0 to 255.
Note - This command does not validate the protocol number value against the current list defined by IANA. |
This command adds to the specified class definition a match condition based on the source MAC address of a packet. The <address> parameter is any layer 2 MAC address formatted as six, two-digit hexadecimal numbers separated by colons (e.g., 00:11:22:dd:ee:ff). The <macmask> parameter is a layer 2 MAC address bit mask, which may not be contiguous, and is formatted as six, two-digit hexadecimal numbers separated by colons (e.g., ff:07:23:ff:fe:dc).
Note - This command is not available on the Broadcom 5630x platform. |
This command adds to the specified class definition a match condition based on the source IP address of a packet. The <ipaddr> parameter specifies an IP address. The <ipmask> parameter specifies an IP address bit mask and must consist of a contiguous set of leading 1 bits.
This command adds to the specified class definition a match condition based on the source layer 4 port of a packet using a single keyword or numeric notation. To specify the match condition as a single keyword notation, the value for <portkey> is one of the supported port name keywords (listed below). The currently supported <portkey> values are: domain, echo, ftp, ftpdata, http, smtp, snmp, telnet, tftp, www. Each of these translates into its equivalent port number, which is used as both the start and end of a port range.
To specify the match condition as a numeric value, one layer 4 port number is required. The port number is an integer from 0 to 65535.
This command adds to the specified class definition a match condition based on the value of the layer 2 VLAN Identifier field (the only tag in a single tagged packet or the first or outer tag of a double VLAN tagged packet). The VLAN ID is an integer from 1 to 4095.
Note - This command is not available on the Broadcom 5630x platform. |
This command adds to the specified class definition a match condition based on the value of the layer 2 secondary VLAN Identifier field (the inner 802.1Q tag of a double VLAN tagged packet). The secondary VLAN ID is an integer from 1 to 4095.
Note - This command is not available on the Broadcom 5630x platform. |
Use the DiffServ policy commands to specify traffic conditioning actions, such as policing and marking, to apply to traffic classes
Use the policy commands to associate a traffic class that you define by using the class command set with one or more QoS policy attributes. Assign the class/policy association to an interface to form a service. Specify the policy name when you create the policy.
Each traffic class defines a particular treatment for packets that match the class definition. You can associate multiple traffic classes with a single policy. When a packet satisfies the conditions of more than one class, preference is based on the order in which you add the classes to the policy. The first class you add has the highest precedence.
This set of commands consists of policy creation/deletion, class addition/removal, and individual policy attributes.
The CLI command root is policy-map.
This command modifies the queue id to which the associated traffic stream is assigned. The queueid is an integer from 0 to n-1, where n is the number of egress queues supported by the device.
This command specifies that all packets for the associated traffic stream are to be dropped at ingress.
This command specifies that all incoming packets for the associated traffic stream are copied to a specific egress interface (physical port or LAG).
Note - This command is not available on the Broadcom 5630x platform. |
This command specifies that all incoming packets for the associated traffic stream are redirected to a specific egress interface (physical port or port-channel).
Note - This command is not available on the Broadcom 5630x platform. |
Use this command to enable color-aware traffic policing and define the conform-color class map. Used in conjunction with the police command where the fields for the conform level are specified. The <class-map-name> parameter is the name of an existing Diffserv class map.
Note - This command may only be used after specifying a police command for the policy-class instance. |
This command creates an instance of a class definition within the specified policy for the purpose of defining treatment of the traffic class through subsequent policy attribute statements. The <classname> is the name of an existing DiffServ class.
Note - This command causes the specified policy to create a reference to the class definition. |
Note - The CLI mode is changed to Policy-Class-Map Config when this command is successfully executed. |
This command deletes the instance of a particular class and its defined treatment from the specified policy. <classname> is the names of an existing DiffServ class.
Note - This command removes the reference to the class definition for the specified policy. |
This command marks all packets for the associated traffic stream with the specified class of service value in the priority field of the 802.1p header (the only tag in a single tagged packet or the first or outer 802.1Q tag of a double VLAN tagged packet). If the packet does not already contain this header, one is inserted. The CoS value is an integer from 0 to 7.
This command marks all packets for the associated traffic stream with the specified IP DSCP value.
The <dscpval> value is specified as either an integer from 0 to 63, or symbolically through one of the following keywords: af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, be, cs0, cs1, cs2, cs3, cs4, cs5, cs6, cs7, ef.
This command marks all packets for the associated traffic stream with the specified IP Precedence value. The IP Precedence value is an integer from 0 to 7.
This command is used to establish the traffic policing style for the specified class. The simple form of the police command uses a single data rate and burst size, resulting in two outcomes: conform and violate. The conforming data rate is specified in kilobits-per-second (Kbps) and is an integer from 1 to 4294967295. The conforming burst size is specified in kilobytes (KB) and is an integer from 1 to 128.
For each outcome, the only possible actions are drop, set-cos-transmit, set-dscp-transmit, set-prec-transmit, or transmit. In this simple form of the police command, the conform action defaults to transmit and the violate action defaults to drop.
For set-dscp-transmit, a <dscpval> value is required and is specified as either an integer from 0 to 63, or symbolically through one of the following keywords: af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, be, cs0, cs1, cs2, cs3, cs4, cs5, cs6, cs7, ef.
For set-prec-transmit, an IP Precedence value is required and is specified as an integer from 0-7.
For set-cos-transmit an 802.1p priority value is required and is specified as an integer from 0-7.
This command establishes a new DiffServ policy. The <policyname> parameter is a case-sensitive alphanumeric string from 1 to 31 characters uniquely identifying the policy. The type of policy is specific to the inbound traffic direction as indicated by the in parameter.
Note - The CLI mode is changed to Policy-Map Config when this command is successfully executed. |
This command eliminates an existing DiffServ policy. The <policyname> parameter is the name of an existing DiffServ policy. This command may be issued at any time. If the policy is currently referenced by one or more interface service attachments, this delete attempt fails.
This command changes the name of a DiffServ policy. The <policyname> is the name of an existing DiffServ class. The <newpolicyname> parameter is a case-sensitive alphanumeric string from 1 to 31 characters uniquely identifying the policy.
Use the DiffServ service commands to assign a DiffServ traffic conditioning policy, which you specified by using the policy commands, to an interface in the incoming direction
The service commands attach a defined policy to a directional interface. You can assign only one policy at any one time to an interface in the inbound direction. DiffServ is not used in the outbound direction.
This set of commands consists of service addition/removal.
The CLI command root is service-policy.
This command attaches a policy to an interface in the inbound direction. The <policyname> parameter is the name of an existing DiffServ policy. This command causes a service to create a reference to the policy.
Note - This command effectively enables DiffServ on an interface in the inbound direction. There is no separate interface administrative 'mode' command for DiffServ. |
Note - Each interface can have one policy attached. |
This command detaches a policy from an interface in the inbound direction. The <policyname> parameter is the name of an existing DiffServ policy.
Use the DiffServ show commands to display configuration and status information for classes, policies, and services. You can display DiffServ information in summary or detailed formats. The status information is only shown when the DiffServ administrative mode is enabled.
This command displays all configuration information for the specified class. The <class-name> is the name of an existing DiffServ class.
If the class-name is specified the following fields are displayed.
This command displays the DiffServ General Status Group information, which includes the current administrative mode setting as well as the current and maximum number of rows in each of the main DiffServ private MIB tables. This command takes no options.
This command displays all configuration information for the specified policy. The <policyname> is the name of an existing DiffServ policy.
If the Policy Name is specified the following fields are displayed.
The policy type (Only inbound policy definitions are supported for this platform.) |
The following information is repeated for each class associated with this policy (only those policy attributes actually configured are displayed).
If the Policy Name is not specified this command displays a list of all defined DiffServ policies. The following fields are displayed.
This command displays policy service information for the specified interface and direction. The <slot/port> parameter specifies a valid slot/port number for the system.
This command displays all interfaces in the system to which a DiffServ policy has been attached. The inbound direction parameter is optional.
This command displays policy-oriented statistics information for the specified interface and direction. The <slot/port> parameter specifies a valid interface for the system.
Note - This command is only allowed while the DiffServ administrative mode is enabled. |
This command displays a summary of policy-oriented statistics information for all interfaces in the specified direction.
The following information is repeated for each interface and direction (only those interfaces configured with an attached policy are shown).
The current operational status of this DiffServ service interface. |
|
This section describes the commands you use to configure MAC ACL settings. MAC ACLs ensure that only authorized users have access to specific resources and block any unwarranted attempts to reach network resources.
The following rules apply+-to MAC ACLs:
This command creates a MAC Access Control List (ACL) identified by <name>, consisting of classification fields defined for the Layer 2 header of an Ethernet frame. The <name> parameter is a case-sensitive alphanumeric string from 1 to 31 characters uniquely identifying the MAC access list.
If a MAC ACL by this name already exists, this command enters Mac-Access-List config mode to allow updating the existing MAC ACL.
Note - The CLI mode changes to Mac-Access-List Config mode when you successfully execute this command. |
This command deletes a MAC ACL identified by <name> from the system.
This command changes the name of a MAC Access Control List (ACL). The <name> parameter is the name of an existing MAC ACL. The <newname> parameter is a case-sensitive alphanumeric string from 1 to 31 characters uniquely identifying the MAC access list.
This command fails if a MAC ACL by the name <newname> already exists.
This command creates a new rule for the current MAC access list. Each rule is appended to the list of configured rules for the list.
Note - The 'no' form of this command is not supported, since the rules within a MAC ACL cannot be deleted individually. Rather, the entire MAC ACL must be deleted and re-specified. |
Note - An implicit 'deny all' MAC rule always terminates the access list. |
Note - For BCM5630x and BCM5650x based systems, assign-queue, redirect, and mirror attributes are configurable for a deny rule, but they have no operational effect. |
A rule may either deny or permit traffic according to the specified classification fields. At a minimum, the source and destination MAC value must be specified, each of which may be substituted using the keyword any to indicate a match on any value in that field. The remaining command parameters are all optional, but the most frequently used parameters appear in the same relative order as shown in the command format.
The Ethertype may be specified as either a keyword or a four-digit hexadecimal value from 0x0600-0xFFFF. The currently supported <ethertypekey> values are: appletalk, arp, ibmsna, ipv4, ipv6, ipx, mplsmcast, mplsucast, netbios, novell, pppoe, rarp. Each of these translates into its equivalent Ethertype value(s).
The vlan and cos parameters refer to the VLAN identifier and 802.1p user priority fields, respectively, of the VLAN tag. For packets containing a double VLAN tag, this is the first (or outer) tag.
The assign-queue parameter allows specification of a particular hardware queue for handling traffic that matches this rule. The allowed <queue-id> value is 0-(n-1), where n is the number of user configurable queues available for the hardware platform. The assign-queue parameter is valid only for a permit rule.
For the Broadcom 5650x platform, the mirror parameter allows the traffic matching this rule to be copied to the specified <slot/port>, while the redirect parameter allows the traffic matching this rule to be forwarded to the specified <slot/port>. The assign-queue and redirect parameters are only valid for a permit rule.
Note - The mirror and redirect parameters are not available on the Broadcom 5630x platform. |
Note - The special command form {deny | permit} any any is used to match all Ethernet layer 2 packets, and is the equivalent of the IP access list “match every” rule. |
{deny|permit} {<srcmac> | any} {<dstmac> | any} [<ethertypekey> | <0x0600-0xFFFF>] [vlan {eq <0-4095>}] [cos <0-7>] [[log] [assign-queue <queue-id>]] [{mirror | redirect} <slot/port>] |
|
---|---|
This command attaches a specific MAC Access Control List (ACL) identified by <name> to an interface in a given direction. The <name> parameter must be the name of an existing MAC ACL.
An optional sequence number may be specified to indicate the order of this mac access list relative to other mac access lists already assigned to this interface and direction. A lower number indicates higher precedence order. If a sequence number is already in use for this interface and direction, the specified mac access list replaces the currently attached mac access list using that sequence number. If the sequence number is not specified for this command, a sequence number that is one greater than the highest sequence number currently in use for this interface and direction is used.
This command specified in 'Interface Config' mode only affects a single interface, whereas the 'Global Config' mode setting is applied to all interfaces. The 'Interface Config' mode command is only available on platforms that support independent per-port class of service queue configuration.
This command removes a MAC ACL identified by <name> from the interface in a given direction.
This command displays a MAC access list and all of the rules that are defined for the MAC ACL. Use the [name] parameter to identify a specific MAC ACL to display.
This section describes the commands you use to configure IP ACL settings. IP ACLs ensure that only authorized users have access to specific resources and block any unwarranted attempts to reach network resources.
The following rules apply to IP ACLs:
This command creates an IP Access Control List (ACL) that is identified by the access list number, which is 1-99 for standard ACLs or 100-199 for extended ACLs. ACL Command Parameters describes the parameters for the access-list command.
access-list <1-99> {deny | permit} {every | <srcip> <srcmask>} [log] [assign-queue <queue-id>] [{mirror | redirect} <unit/slot/port>] |
|
---|---|
This command deletes an IP ACL that is identified by the parameter <accesslistnumber> from the system. The range for <accesslistnumber> 1-99 for standard access lists and 100-199 for extended access lists.
This command attaches a specified IP ACL to one interface or to all interfaces.
An optional sequence number may be specified to indicate the order of this IP access list relative to other IP access lists already assigned to this interface and direction. A lower number indicates higher precedence order. If a sequence number is already in use for this interface and direction, the specified access list replaces the currently attached IP access list using that sequence number. If the sequence number is not specified for this command, a sequence number that is one greater than the highest sequence number currently in use for this interface and direction is used.
ip access-group <accesslistnumber> in [sequence <1-4294967295>] |
|
This command removes a specified IP ACL from an interface.
This command enables the ACL trap mode.
This command disables the ACL trap mode.
This command displays an IP ACL <accesslistnumber> is the number used to identify the IP ACL.
Note - Only the access list fields that you configure are displayed. |
This command displays IP ACLs and MAC access control lists information for a designated interface and direction.
© 2007 Diversified Technology, Inc. All Rights Reserved. © 2009 Sun Microsystems, Inc. All rights reserved.