D-Link DGS-6600-48T Product Manual - Page 469
time-range, tcp, udp, icmp, gre, esp, eigrp, ospf, pim, vrrp, OPERATOR, PROFILE
View all D-Link DGS-6600-48T manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 469 highlights
DGS-6604 m permit | deny (ip access-list) OPERATOR PORT (Optional) Compares source or destination port. OPERATOR can be lt (less than, match on a lower port number), gt (greater than, match on a greater port), eq (equal, match on a specific port). The PORT argument can be the L4 TCP/UDP source or destination port, as specified by a number from 0 to 65535. time-range PROFILENAME (Optional) Specifies the name of time-period profile for activation of the access-list. In the no form of the commands, this option, time-range (without PROFILE-NAME),removes the setting of the active timer-period, rather than removing the whole entry. PRIORITY The range is 1 to 65535. The less number represents for the better priority. It represents the rule sequence number. tcp, udp, icmp, igmp, gre, Layer 4 protocols. esp, eigrp, ospf, pim, vrrp PROTOCOL-ID Protocol ID refers to the protocol field in the IP header, as specified by a number from 0 to 65535. Default Command Mode Usage Guideline Example None ip access-list configuration or ip extended access-list configuration An interface can have only one MAC access list, one IP access list and one IPv6 access list applied to it. The time range profile must be created before it can be specified in the statement. Otherwise an error message will be displayed. An error message will be displayed if the maximum number defined by the system is exceeded. All the configurable arguments (excluding time-range and priority) can be used to differentiate one from another. These arguments are called differentiated arguments. To remove an entry with the no form of this command, it is necessary to specify the entry using the same value of all differentiating arguments that have been specified (includes all optional parameters except time-range and priority). To update the time-range or priority, specify the entry with the same value of all differentiating arguments, that have been configured, and the update value for the time-range or priority. The priority value must be unique in the domain of an access-list. If a priority value that is already present is entered, an error message will be shown. This example shows create three entries for an ip access-list, named "StrictControl". The three entries are: tcp packets destined to network 10.20.0.0/16, tcp packets destined to host 10.100.1.2 and all icmp packets. CLI Reference Guide 459