D-Link DXS-3600-32S CLI Guide - Page 27
permit | deny ip extended access-list
Page 27 highlights
DXS-3600 Series 10GbE Layer 2/3 Switch CLI Reference Guide

Usage Guideline
Extended IP ACL only filters IPv4 packets. The name must be unique among all (including MAC, IP, IPv6 or Expert) access-lists and the first character of the name must be a letter.

When creating an ACL through assigning a name, an ID will be assigned automatically. The ID assignment rule will start from the maximum ID of 3999 and decrease by 1 for each new ACL.

When creating an ACL through assigning an ID, a name will be assigned automatically. The name assignment rule is 'ext-ip' + "-" + ID. If this name conflicts with the name of an existing ACL, then it will be renamed based on the following rule: 'ext-ip' + "-" + ID + "alt".

Example
This example shows how to create an extended ACL.

DXS-3600-32S#configure terminal
DXS-3600-32S(config)#ip access-list extended Ext-ip
DXS-3600-32S(config-ext-nacl)#end
DXS-3600-32S#show access-list
Standard IP access list 1998 Std-acl
    10 permit 10.20.0.0 0.0.255.255
Standard IP access list 1999 Std-ip
Extended IP access list 3999 Ext-ip
DXS-3600-32S#

3-4 permit | deny (ip extended access-list)
Use the permit command to add a permit entry. Use the deny command to add a deny entry. Use the no command to remove a specific entry.

Extended IP ACL:
[sn] {permit | deny} protocol {source source-wildcard | host source | any} {destination destination-wildcard | host destination | any} [precedence precedence] [tos tos] [fragments] [time-range time-range-name]

Extended IP ACLs of some important protocols:
[sn] {permit | deny} tcp {source source-wildcard | host source | any} [operator port] {destination destination-wildcard | host destination | any} [operator port] [tcp-flag] [precedence precedence] [tos tos] [fragments] [time-range time-range-name]
[sn] {permit | deny} udp {source source-wildcard | host source | any} [operator port] {destination destination-wildcard | host destination | any} [operator port] [precedence precedence] [tos tos] [fragments] [time-range time-range-name]
[sn] {permit | deny} icmp {source source-wildcard | host source | any} {destination destination-wildcard | host destination | any} [{icmp-type [icmp-code] | icmp-message}] [precedence precedence] [tos tos] [fragments] [time-range time-range-name]

no sn

Parameters
sn                 (Optional) Specifies the ACE sequence number used. This number must be between 1 and 65535.
protocol           Specifies the name or number of an IP protocol: 'eigrp', 'esp', 'gre', 'igmp', 'ip', 'ipinip', 'ospf', 'pcp', 'pim', 'tcp', 'udp', 'icmp' or an integer in the range 0 to 255 representing an IP protocol number. To match any Internet protocol. Additional specific parameters for 'tcp', 'udp', and 'icmp'. The 'ip' means any IP Protocol.
source             Specifies the source IP address.
source-wildcard    Applies wildcard bits to the source.
host source        Specifies a specific source IP address.
any                Means any source or destination IP address.
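
The generic entry form and the source/wildcard parameters above, as an added Python example for reviewing a saved ACL offline (not code from the D-Link guide): it parses `[sn] {permit | deny} protocol source destination`, tests an address against an entry's wildcard, and flags broad permit entries. Assumptions: a 1 bit in the wildcard means that address bit is ignored; the function names, review rules and sample entries are constructed here; port operators for tcp/udp are not parsed because this page does not define them.

```python
import ipaddress
# Protocol keywords from the Parameters table; integers 0-255 are also accepted.
PROTOCOLS = {"eigrp", "esp", "gre", "igmp", "ip", "ipinip", "ospf",
             "pcp", "pim", "tcp", "udp", "icmp"}
ANY = 0xFFFFFFFF  # wildcard in which every address bit is ignored (assumed convention)

def _addr(tokens):
    """Consume {addr wildcard | host addr | any}; return (addr, wildcard) as ints."""
    head = tokens.pop(0)
    if head == "any":
        return 0, ANY
    if head == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    return int(ipaddress.IPv4Address(head)), int(ipaddress.IPv4Address(tokens.pop(0)))

def parse_ace(line):
    """Parse '[sn] {permit | deny} protocol source destination [options...]'."""
    tokens = line.split()
    sn = int(tokens.pop(0)) if tokens[0].isdigit() else None
    if sn is not None and not 1 <= sn <= 65535:
        raise ValueError("sequence number must be between 1 and 65535")
    action, proto = tokens.pop(0), tokens.pop(0)
    if action not in ("permit", "deny"):
        raise ValueError(f"expected permit or deny, got {action!r}")
    if proto not in PROTOCOLS and not (proto.isdigit() and int(proto) <= 255):
        raise ValueError(f"unknown protocol {proto!r}")
    return {"sn": sn, "action": action, "protocol": proto,
            "src": _addr(tokens), "dst": _addr(tokens), "options": tokens}

def matches(spec, ip):
    """True if ip equals the entry address on every bit the wildcard keeps significant."""
    care = ~spec[1] & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(ip)) & care) == (spec[0] & care)

def audit(lines):
    """Return (sn, reason) for permit entries a reviewer should look at (added heuristic)."""
    findings = []
    for ace in map(parse_ace, lines):
        widths = (ace["src"][1], ace["dst"][1])
        if ace["action"] == "permit" and widths == (ANY, ANY):
            findings.append((ace["sn"], "any source to any destination"))
        elif ace["action"] == "permit" and ace["protocol"] == "ip" and ANY in widths:
            findings.append((ace["sn"], "all IP protocols with an 'any' endpoint"))
    return findings

# Constructed sample entries, not taken from the guide.
SAMPLE = ["10 permit tcp 10.20.0.0 0.0.255.255 host 192.0.2.10",
          "20 permit ip any 192.0.2.0 0.0.0.255 fragments",
          "30 deny icmp any any", "40 permit udp any any"]
```

Calling `audit(SAMPLE)` reports entries 20 and 40; an entry that uses a tcp/udp port operator raises `ValueError` rather than being silently misread.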