D-Link DGS-3130 Emulator - Page 55

DGS-3130 Layer 3 Stackable Managed Switch CLI Reference Guide

51

Switch# configure terminal

Switch(config)# vlan access-map vlan-map 30

Switch(config-access-map)# match mac address ext_mac

Switch(config-access-map)# end

Switch# show vlan access-map

VLAN access-map vlan-map 20

match ip address:

sp1(ID: 3999)

action: forward

VLAN access-map vlan-map 30

match mac address:

ext_mac(ID: 7999)

action: forward

Switch#

4-14

permit | deny (expert access-list)

This command is used to add a permit or deny entry. Use the

no

form of this command to remove an entry.

Extended Expert ACL:

[

SEQUENCE-NUMBER

] {permit | deny}

PROTOCOL

{

SRC-IP-ADDR SRC-IP-WILDCARD

| host

SRC-IP-

ADDR

| any} {

SRC-MAC-ADDR SRC-MAC-WILDCARD

| host

SRC-MAC-ADDR

| any} {

DST-IP-ADDR DST-

IP-WILDCARD

| host

DST-IP-ADDR

| any} {

DST-MAC-ADDR DST-MAC-WILDCARD

| host

DST-MAC-ADDR

| any} [cos

OUTER-COS

[inner

INNER-COS

]] [{vlan

OUTER-VLAN

} [inner

INNER-VLAN

]] [fragments]

[[precedence

PRECEDENCE

] [tos

TOS

] | dscp

DSCP

] [time-range

PROFILE-NAME

]

[

SEQUENCE-NUMBER

] {permit | deny} tcp {

SRC-IP-ADDR

SRC-IP-WILDCARD

| host

SRC-IP-ADDR

| any}

{

SRC-MAC-ADDR

SRC-MAC-WILDCARD

| host

SRC-MAC-ADDR

| any} [{eq | lt | gt | neq}

PORT

| range

MIN-PORT

MAX-PORT

] {

DST-IP-ADDR

DST-IP-WILDCARD

| host

DST-IP-ADDR

| any} {

DST-MAC-ADDR

DST-MAC-WILDCARD

| host

DST-MAC-ADDR


PORT

| range

MIN-PORT

MAX-

PORT

] [

TCP-FLAG

] [cos

OUTER-COS

[inner

INNER-COS

]] [{vlan

OUTER-VLAN

} [inner

INNER-VLAN

]]

[[precedence

PRECEDENCE

] [tos

TOS

] | dscp

DSCP

] [time-range

PROFILE-NAME

]

[

SEQUENCE-NUMBER

] {permit | deny} udp {

SRC-IP-ADDR

SRC-IP-WILDCARD

| host

SRC-IP-ADDR

|

any} {

SRC-MAC-ADDR

SRC-MAC-WILDCARD

| host

SRC-MAC-ADDR


PORT

|

range

MIN-PORT

MAX-PORT

] {

DST-IP-ADDR

DST-IP-WILDCARD

| host

DST-IP-ADDR

| any} {

DST-MAC-

ADDR

DST-MAC-WILDCARD

| host

DST-MAC-ADDR


PORT

| range

MIN-PORT

MAX-PORT

] [cos

OUTER-COS

[inner

INNER-COS

]] [{vlan

OUTER-VLAN

} [inner

INNER-VLAN

]]

[[precedence

PRECEDENCE

] [tos

TOS

] | dscp

DSCP

] [time-range

PROFILE-NAME

]

[

SEQUENCE-NUMBER

] {permit | deny} icmp {

SRC-IP-ADDR

SRC-IP-WILDCARD

| host

SRC-IP-ADDR

|

any} {

SRC-MAC-ADDR

SRC-MAC-WILDCARD

| host

SRC-MAC-ADDR

| any} {

DST-IP-ADDR

DST-IP-

WILDCARD

| host

DST-IP-ADDR

| any} {

DST-MAC-ADDR

DST-MAC-WILDCARD

| host

DST-MAC-ADDR

|

any} [

ICMP-TYPE

[

ICMP-CODE

] |

ICMP-MESSAGE

] [cos

OUTER-COS

[inner

INNER-COS

]] [{vlan

OUTER-

VLAN

} [inner

INNER-VLAN

]] [[precedence

PRECEDENCE

] [tos

TOS

] | dscp

DSCP

] [time-range

PROFILE-

NAME

]

no

SEQUENCE-NUMBER

Parameters

SEQUENCE-NUMBER

Specifies the sequence number. The range is from 1 to 65535. The lower the

number is, the higher the priority of the permit/deny rule.

PROTOCOL

(Optional) Specifies the IP protocol ID or one of the following protocol names.

Available protocol names are

eigrp

,

esp

,

gre

,

igmp

,

ospf

,

pim

,

vrrp

,

pcp

and

ipinip

. If the protocol ID is specified,

the

MASK

(0x0-0xff) parameter is optional

.

The bit corresponding to the bit value 0 will be ignored. The bit corresponding to

the bit value 1 will be checked.

cos

OUTER-COS

(Optional) Specifies the outer priority value. This value must be between 0 and 7.

D-Link DGS-3130 Emulator - Page 55

permit | deny expert access-list

Page 55 highlights