Dell Force10 S2410-01-10GE-24P SFTOS Command Reference - Page 380

www.dell.com | support.dell.com Syntax IP Standard ACL: OOEnn6g1a-9n9C{deny | permit} {every | srcip srcmask} [log] [assign-queue queue-id] [{mirror | redirect} unit/slot/port] Note: The mirror option is supported in the S50V and S25P models only. IP Extended ACL: access-list 100-199 {deny | permit} {every | icmp | igmp | ip | tcp | udp | protocol_number} {any | srcip srcmask} {any | eq {portkey | 0-65535}{any | dstip dstmask} [eq {portkey | 0-65535}] [precedence precedence | tos tos tosmask | dscp dscp] [log] [assign-queue queue-id] [redirect unit/slot/port] Use the no access-list ACLnumber version of this command to delete an ACL (identified by a number in the range 1-199). Parameters 1-99 and 100-199 deny | permit every | srcip srcmask every | icmp | igmp | ip | tcp | udp | protocol_number any|srcip and srcmask {any|eq {portkey | 0-65535}] {any|dstip dstmask} eq {portkey | 0-65535} [precedence precedence | tos tos tosmask | dscp dscp] Assign an integer in the range 1 to 99 to an access list for an IP standard ACL. Use an integer in the range 100 to 199 for an IP extended ACL. Specify whether the IP ACL rule permits or denies an action. For an IP Standard ACL, select the source to filter. Enter either the keyword every, to match every packet, or use the srcip and srcmask parameters to specify a source IP address and source mask for a match condition of the ACL rule (srcmask is an inverse mask, also called a wildcard mask, as described at the beginning of this chapter). For an IP Extended ACL, you have three choices for the source to filter: • As above, the keyword every matches every packet. • The other keywords specify the protocol to filter- ICMP, IGMP, IP, TCP, or UDP. • Otherwise, enter the protocol number to match, from 1 to 255. Enter either any, to match any source IP address, or use the srcip and srcmask parameters to specify a source IP address and source mask for a match condition of the ACL rule (srcmask is an inverse mask, also called a wildcard mask, as described at the beginning of this chapter). For an IP Extended ACL, specify the source Layer 4 port match condition for the IP ACL rule. You can enter: • the keyword any, to accept any Layer 4 port ID • the keyword eq and then enter either: •the portkey, which can be one of the following keywords: domain, echo, ftp, ftpdata, http, smtp, snmp, telnet, tftp, or www. Each of these values translates into its equivalent port number, which is used as both the start and end of a port range. •the Layer 4 port number, which ranges from 0-65535 For an IP Extended ACL, specify a destination IP address and destination mask for the match condition of the ACL rule (dstmask is an inverse mask, as above). This option is available for both any and dstip dstmask, and the variables are as defined above. (OPTIONAL) For an IP Extended ACL, specifies the type of service (TOS) for an IP ACL rule depending on a match of precedence or DSCP values using the parameters precedence, tos/tosmask, dscp. 380 | ACL Commands