Appendix A: New Features Supported on Line Cards368 SmartSwitch Router User Reference ManualToS RewriteThe ToS rewrite command allows a network administrator to change the value in the ToSoctet (which includes both the Precedence or ToS fields) in each IP packet. The SSR looksat every IP packet coming into the interface, and if a packet matches the definedparameters (Source IP, Destination IP, Source Port, Destination Port, or ToS Octet), the SSRrewrites the ToS Octet to a specific value.The ToS rewrite command is incorporated in the QoS set ip command. The ToS rewritecommand can apply to an incoming IP interface or to specific incoming ports whenimplemented together with layer 4 bridging. In both cases, ports that are associated withthe incoming IP interface or the incoming port itself must reside on -AA or T-series linecards. The ports associated with the outgoing IP interfaces do not require -AA or T-seriesline cards. However, the outgoing ports for layer 4 bridging must be on -AA or T-seriesline cards; therefore, when ToS rewrite is applied on ports, both incoming and outgoingports must be on -AA or T-series line cards.Established Bit ACLEstablished Bit ACL is an enhancement to the existing ACL feature. It allows networkadministrator to either permit or deny TCP connections being “established.” EstablishedBit ACL can only be enabled from the TCP ACL configuration. The network administratorthen applies this ACL to the IP interface.Established Bit ACL is usually used to permit TCP connections being established from theinside (Enterprise) but deny TCP connections being established from the outside(Internet). Therefore, Established Bit ACL is usually applied to the incoming interfaceconnected to the external network. Ports that are associated with the interface whereEstablished Bit ACL is required have to reside on -AA or T-series line cards.Multiple IPX EncapsulationThe SSR currently supports one output encapsulation per port. In some IPX networks,multiple IPX encapsulations might be required due to different encapsulation settings onthe servers. This poses an issue for clients requiring access to all these servers. Firmwareversion 3.1 will support multiple IPX encapsulations on an IPX interface. This featurerequires -AA or T-series line cards.Multiple IPX encapsulation allows a network administrator to create an IPX interface witha secondary interface using a different output encapsulation. The supported IPXencapsulation types are: Ethernet II, 802.3 SNAP, 802.3, and 802.2. Ports that are assignedto an IPX interface with multiple IPX encapsulations, either through a VLAN or directlyattached, must reside on -AA or T-series line cards. When a VLAN is extended to multipledevices through 802.1Q trunk ports, all trunk and access ports on other systems must alsoreside on -AA or T-series line cards. Ports assigned to an IPX interface with a singleencapsulation do not require -AA or T-series line cards.