D-Link DGS-3130 Emulator - Page 57
permit | deny ip access-list
Page 57 highlights
DGS-3130 Layer 3 Stackable Managed Switch CLI Reference Guide

parameter-problem, port-unreachable, reassembly-timeout, redirect, renum-command, renum-result, renum-seq-number, router-advertisement, router-renumbering, router-solicitation, time-exceeded, unreachable.

Default
None.

Command Mode
Extended Expert Access-list Configuration Mode.

Command Default Level
Level: 12.

Usage Guideline
If a rule entry is created without a sequence number, a sequence number will be automatically assigned. If it is the first entry, the sequence number 10 is assigned. A subsequent rule entry will be assigned a sequence number that is 10 greater than the largest sequence number in that access list and is placed at the end of the list.

The user can use the access-list resequence command to change the start sequence number and the increment number of entries for the specified access list. After the command is applied, new entries without any specified sequence number will be assigned a number based on the new sequence setting of the specified access list.

When you manually assign the sequence number, it is better to have a reserved interval for future lower sequence number entries. Otherwise, it will be more difficult to insert an entry with a lower sequence number.

The sequence number must be unique in the domain of an access list. If you enter a sequence number that is already present, an error message will be shown.

Even if the fragment parameter of the tcp, udp and icmp parameters of the permit | deny (expert access-list) command is removed, the user can still use the PROTOCOL option of the permit | deny (expert access-list) command to configure the fragment parameter.

Example
This example shows how to use the extended expert ACL. The purpose is to deny all the TCP packets with the source IP address 192.168.4.12 and the source MAC address 00:13:00:49:82:72.

Switch# configure terminal
Switch(config)# expert access-list extended exp_acl
Switch(config-exp-nacl)# deny tcp host 192.168.4.12 host 0013.0049.8272 any any
Switch(config-exp-nacl)#

4-15 permit | deny (ip access-list)

This command is used to add a permit or a deny entry. Use the no form of the command to remove an entry.

Extended Access List:

[SEQUENCE-NUMBER] {permit | deny} tcp {any | host SRC-IP-ADDR | SRC-IP-ADDR SRC-IP-WILDCARD} [{eq | lt | gt | neq} PORT | range MIN-PORT MAX-PORT] {any | host DST-IP-ADDR | DST-IP-ADDR DST-IP-WILDCARD} [{eq | lt | gt | neq} PORT | range MIN-PORT MAX-PORT] [TCP-FLAG] [[precedence PRECEDENCE] [tos TOS] | dscp DSCP] [time-range PROFILE-NAME]

[SEQUENCE-NUMBER] {permit | deny} udp {any | host SRC-IP-ADDR | SRC-IP-ADDR SRC-IP-WILDCARD} [{eq | lt | gt | neq} PORT | range MIN-PORT MAX-PORT] {any | host DST-IP-ADDR | DST-IP-ADDR DST-IP-WILDCARD} [{eq | lt | gt | neq} PORT | range MIN-PORT MAX-PORT] [[precedence PRECEDENCE] [tos TOS] | dscp DSCP] [time-range PROFILE-NAME]
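
The sequence-number rules from the Usage Guideline above, modeled as an added Python example (not code from D-Link or from this manual). The class and function names are hypothetical, the rule strings other than the manual's own deny entry are constructed samples, and renumbering existing entries in order on resequence is an assumption.

```python
# Model of the sequence-number rules in the Usage Guideline (not D-Link firmware).
# Assumption: resequence renumbers existing entries in their current order.

class AclNumbering:
    def __init__(self, start=10, step=10):
        self.start, self.step = start, step
        self.entries = {}                      # sequence number -> rule text

    def add(self, rule, seq=None):
        """Add a rule; without seq, apply the automatic assignment rule."""
        if seq is None:
            # First entry gets the start number, later ones largest + increment.
            seq = max(self.entries) + self.step if self.entries else self.start
        elif seq in self.entries:
            # Sequence numbers must be unique within one access list.
            raise ValueError(f"sequence number {seq} already present")
        self.entries[seq] = rule
        return seq

    def resequence(self, start, step):
        """Renumber entries in order with a new start and increment (assumed)."""
        ordered = [self.entries[s] for s in sorted(self.entries)]
        self.start, self.step = start, step
        self.entries = {start + i * step: r for i, r in enumerate(ordered)}

    def room_before(self, seq):
        """Free sequence numbers between seq and the entry preceding it."""
        lower = max((s for s in self.entries if s < seq), default=0)
        return seq - lower - 1

    def sequence_numbers(self):
        return sorted(self.entries)


def demo():
    acl = AclNumbering()
    # First rule is the manual's example; the others are constructed samples.
    a = acl.add("deny tcp host 192.168.4.12 host 0013.0049.8272 any any")
    b = acl.add("permit tcp any any any any")
    c = acl.add("deny udp any any any any", seq=15)    # fits the reserved gap
    try:
        acl.add("permit udp any any any any", seq=15)  # duplicate number
        rejected = False
    except ValueError:
        rejected = True
    acl.resequence(100, 50)
    d = acl.add("permit icmp any any any any")         # largest + new increment
    return a, b, c, rejected, d, acl.room_before(150), acl.sequence_numbers()

if __name__ == "__main__":
    print(demo())
```

Entries numbered 1, 2, 3 by hand leave `room_before` at 0, which is the situation the guideline warns about when no interval is reserved.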