D-Link DXS-3600-EM-8T CLI Guide - Page 34
permit | deny expert access-list
View all D-Link DXS-3600-EM-8T manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 34 highlights
DXS-3600 Series 10GbE Layer 2/3 Switch CLI Reference Guide 3-10 permit | deny (expert access-list) Use the permit command to add a permit entry. Use the deny command to add a deny entry. Use the no command to remove an entry. Extended expert ACL: [sn] {permit | deny} [ethernet-type] [[cos out [inner in]] | [vlan out [inner in]]] {source source-wildcard | host source | any} {source-mac-address mask | host source-mac-address | any} {destination destination-wildcard | host destination | any} {destination-mac-address mask | host destination-mac-address | any} [time-range time-range-name] [sn] {permit | deny} protocol [vlan out [inner in]] {source source-wildcard | host source | any} {source-macaddress mask | host source-mac-address | any} {destination destination-wildcard | host destination | any} {destination-mac-address mask | host destination-mac-address | any} [precedence precedence] [tos tos] [fragments] [time-range time-range-name] Extended expert ACLs of some important protocols: [sn] {permit | deny} tcp [vlan out [inner in]] {source source-wildcard | host source | any} {source-mac-address mask | host source-mac-address | any} [operator port]] {destination destination-wildcard | host destination | any} {destination-mac-address mask | host destination-mac-address | any} [operator port] [precedence precedence] [tos tos] [fragments] [time-range time-range-name] [tcp-flag] [sn] {permit | deny} udp [vlan out [inner in]] {source source-wildcard | host source | any} {source-mac-address mask | host source-mac-address | any} [operator port] {destination destination-wildcard | host destination | any} {destination-mac-address mask | host destination-mac-address | any} [operator port] [precedence precedence] [tos tos] [fragments] [time-range time-range-name] [sn] {permit | deny} icmp [vlan out [inner in]] {source source-wildcard | host source | any} {source-mac-address mask | host source-mac-address | any} {destination destination-wildcard | host destination | any} {destinationmac-address mask | host destination-mac-address | any} [icmp-type] [[icmp-type [icmp-code]] | [icmpmessage]] [precedence precedence] [tos tos] [fragments] [time-range time-range-name] no sn Parameters sn source source-wildcard host source any destination destination-wildcard host destination source-mac-address destination-mac-address mask vlan out vlan inner in cos out cos inner in ethernet-type (Optional) Specifies the ACE sequence number. This number must be between 1 and 65535. Specifies the source IP address. Applies wildcard bits to the source. Specifies a specific source IP address. Means any source or destination IP or MAC address. Specifies the destination IP address. Applies wildcard bits to the destination. Specifies a specific destination IP address. Specifies the source MAC address. Specifies the destination MAC address. Specifies the MAC address mask. (Optional) Specifies the outer VID used. This value must be between 1 and 4094. (Optional) Specifies the inner VID used. This value must be between 1 and 4094. (Optional) Specifies the outer priority value. This value must be betwee 0 and 7. (Optional) Specifies the inner priority value. This value must be between 0 and 7. (Optional) Specifies the Ethernet type as a pair of hexadecimal numbers and mask (from 0x0 to 0xFFFF) or the name of an Ethernet type. Names that can be used are 'arp', 'aarp', 'appletalk', 'decnet-iv', 'etype-6000', 'etype-8042', 'lat', 'lavc-sca', 'mopconsole', 'mop-dump', 'vines-echo', 'vines-ip', 'xns-idp'. 26