D-Link DGS-6600-48TS Configuration Guide - Page 419
Configuring IP Extended Access Control Lists
Volume 8-Security & Authentication / Chapter 38-Access Control Lists (ACL)
ACL Configuration Commands

In the following example, the user creates an access control list called "IT-Management" that allows IP host 192.168.50.222 to access the Switch, which has an IP address of 192.168.50.1, and disallows all other hosts from making a connection to the Switch. The user then applies the ACL to Ethernet interface 4.5, which is connected to the IP host that has an IP address of 192.168.50.222:

DGS-6600:2>enable
DGS-6600:15#configure terminal
DGS-6600:15(config)#ip access-list IT-Management
The maximum available of IP access-list is 255
DGS-6600:15(config-ip-acl)#permit 192.168.50.222 255.255.255.255 host 192.168.50.1
DGS-6600:15(config-ip-acl)#deny any host 192.168.50.1
DGS-6600:15(config-ip-acl)#end
DGS-6600:15#configure terminal
DGS-6600:15(config)#interface eth4.5
DGS-6600:15(config-if)#ip access-group IT-Management
The maximum available entry of IP ACL bind to interface in ingress direction is: 1278
The maximum available port operator (gt/lt) is: 16
DGS-6600:15(config-if)#end

Configuring IP Extended Access Control Lists

For IP extended access control lists, the user can define the permit/deny statement based on IP address, layer 4 port ID, and classification of service information. The user can also enter the statement with a time-range profile.
Use the following commands to create or modify an IP extended access control list:

Command: ip access-list extended NAME
Explanation: Creates or modifies an IP extended access control list.

Command: {permit | deny} tcp {any | host SRC-IP-ADDR | SRC-IP-ADDR MASK} [OPERATOR PORT] {any | host DST-IP-ADDR | DST-IP-ADDR MASK} [OPERATOR PORT] [precedence PRECEDENCE | tos TOS | dscp DSCP] [time-range PROFILE-NAME] [priority PRIORITY]
Explanation: Permits or denies TCP packets based on the specified source/destination IP address, TCP port, or IP header traffic class information.

Command: {permit | deny} udp {any | host SRC-IP-ADDR | SRC-IP-ADDR MASK} [OPERATOR PORT] {any | host DST-IP-ADDR | DST-IP-ADDR MASK} [OPERATOR PORT] [precedence PRECEDENCE | tos TOS | dscp DSCP] [time-range PROFILE-NAME] [priority PRIORITY]
Explanation: Permits or denies UDP packets based on the specified source/destination IP address, UDP port, or IP header traffic class information.

Command: {permit | deny} [gre | esp | eigrp | icmp | igmp | ospf | pim | vrrp | protocol-id PROTOCOL-ID] {any | host SRC-IP-ADDR | SRC-IP-ADDR MASK} {any | host DST-IP-ADDR | DST-IP-ADDR MASK} [precedence PRECEDENCE | tos TOS | dscp DSCP] [time-range PROFILE-NAME] [priority PRIORITY]
Explanation: Permits or denies the specified layer 4 protocol packet based on the specified source/destination IP address, port, or IP header traffic class information.
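
Added example (not from the D-Link guide): a Python model of the IT-Management list shown earlier on this page, used to check offline which source/destination pairs its entries permit before the list is bound to an interface. It assumes entries are evaluated in listed order with the first match deciding, and that MASK is a bitwise match mask, as the 255.255.255.255 entry for a single host implies; WILDCARD_HABIT and all function names are constructed for this example.

```python
import ipaddress

# Entries copied from the page's IT-Management list.
IT_MANAGEMENT = """\
permit 192.168.50.222 255.255.255.255 host 192.168.50.1
deny any host 192.168.50.1
"""
# Constructed variant: same intent, written with an inverse-wildcard habit.
WILDCARD_HABIT = """\
permit 192.168.50.222 0.0.0.0 host 192.168.50.1
deny any host 192.168.50.1
"""

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def _take_addr(tokens):
    """Consume 'any', 'host A' or 'A MASK'; return (addr, mask, is_keyword)."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0, True
    if first == "host":
        return _ip(tokens.pop(0)), 0xFFFFFFFF, True
    return _ip(first), _ip(tokens.pop(0)), False

def parse_acl(text):
    """Parse '{permit|deny} SRC DST' entries (source spec first, then destination)."""
    rules = []
    for line in text.splitlines():
        tokens = line.split()
        if not tokens:
            continue
        action = tokens.pop(0)
        if action not in ("permit", "deny"):
            raise ValueError(f"unsupported entry: {line!r}")
        rules.append((action, _take_addr(tokens), _take_addr(tokens), line))
    return rules

def evaluate(rules, src, dst):
    """Action of the first entry matching src -> dst, or None if no entry matches."""
    for action, (sa, sm, _), (da, dm, _), _line in rules:
        if (_ip(src) & sm) == (sa & sm) and (_ip(dst) & dm) == (da & dm):
            return action
    return None  # the page does not state what the Switch does with unmatched packets

def zero_mask_permits(rules):
    """Permit entries whose 'ADDR MASK' form has an all-zero mask (matches any address)."""
    return [line for action, s, d, line in rules
            if action == "permit" and any(not kw and m == 0 for _, m, kw in (s, d))]
```

Under these assumptions, the WILDCARD_HABIT list permits every source to reach 192.168.50.1 because its first entry matches before the deny is considered, and zero_mask_permits flags that entry.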