TP-Link T2500G-10MPS T2500G-10MPSUN V1 Configuration Guide - Page 577
Configuring ACL: ACL Configuration

Step 3
    access-list extended acl-id rule rule-id {deny | permit} [ [sip source-ip] smask source-ip-mask] [ [dip destination-ip] dmask destination-ip-mask] [tseg time-segment] [frag {disable | enable}] [dscp dscp] [s-port s-port] [d-port d-port] [tcpflag tcpflag] [protocol protocol] [tos tos] [pre pre]

    Add a rule for the ACL.

    acl-id: The ID number of the ACL you have created.
    rule-id: Assign an ID to the rule. It cannot be the same as the existing Extend-IP ACL Rule IDs.
    op: Specify the action to be taken with the packets that match the rule. Deny means to discard; permit means to forward. By default, it is set to permit.
    source-ip: Enter the source IP address.
    source-ip-mask: Enter the mask of the source IP address. This is required if a source IP address is entered.
    destination-ip: Enter the destination IP address.
    destination-ip-mask: Enter the mask of the destination IP address. This is required if a destination IP address is entered.
    time-segment: The name of the time-range. The default is No Limit.
    frag: Enable or disable matching of fragmented packets. The default is disable. When enabled, the rule applies to all fragmented packets, and the last fragment of a packet is always permitted and forwarded.
    dscp: Specify the DSCP value between 0 and 63.
    s-port: Enter the TCP/UDP source port if TCP/UDP protocol is selected.
    d-port: Enter the TCP/UDP destination port if TCP/UDP protocol is selected.
    tcpflag: For TCP protocol, specify the flag value using either binary numbers or * (for example, 01*010*). The default is *, which indicates that the flag will not be matched. The flags are URG (urgent flag), ACK (acknowledge flag), PSH (push flag), RST (reset flag), SYN (synchronize flag), and FIN (finish flag).
    protocol: Specify a protocol type.
    tos: Specify the IP ToS to be matched.
    pre: Specify the IP Precedence to be matched.

Step 4
    end

    Return to privileged EXEC mode.

Step 5
    copy running-config startup-config

    Save the settings in the configuration file.

The following example shows how to create Extend-IP ACL 1700 and configure Rule 7 to deny Telnet packets with source IP 192.168.2.100:

    Switch#configure
    Switch(config)#access-list create 1700
    Switch(config)#access-list extended 1700 rule 7 deny sip 192.168.2.100 smask 255.255.255.255 protocol 6 d-port 23
    Switch(config)#show access-list 1700
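To check what a rule line will and will not match before applying it, the following Python model (an added example, not TP-Link code and not part of the guide) parses the Rule 7 command above and tests constructed packets against it. It assumes mask bits set to 1 are compared, which is what 255.255.255.255 selecting a single host implies. The function names and packet dictionaries are hypothetical, and tseg, frag, dscp, tcpflag, tos and pre are parsed but not evaluated.

```python
import ipaddress

# Keywords that take one value in the guide's "access-list extended" syntax.
VALUE_KEYS = {"sip", "smask", "dip", "dmask", "tseg", "frag", "dscp",
              "s-port", "d-port", "tcpflag", "protocol", "tos", "pre"}

def parse_rule(line):
    """Parse 'access-list extended <acl-id> rule <rule-id> {deny|permit} ...'."""
    tok = line.split()
    if len(tok) < 6 or tok[:2] != ["access-list", "extended"] or tok[3] != "rule":
        raise ValueError("not an extended ACL rule line")
    if tok[5] not in ("deny", "permit"):
        raise ValueError("action must be deny or permit")
    rule = {"acl": int(tok[2]), "id": int(tok[4]), "op": tok[5]}
    rest = tok[6:]
    if len(rest) % 2:
        raise ValueError("keyword without a value")
    for key, val in zip(rest[::2], rest[1::2]):
        if key not in VALUE_KEYS:
            raise ValueError(f"unknown keyword {key!r}")
        rule[key] = val
    # The guide states a mask is required whenever an address is entered.
    for addr, mask in (("sip", "smask"), ("dip", "dmask")):
        if addr in rule and mask not in rule:
            raise ValueError(f"{addr} requires {mask}")
    return rule

def _ip_match(addr, want, mask):
    # Assumption: bits set to 1 in the mask are the bits that must be equal.
    a, w, m = (int(ipaddress.IPv4Address(x)) for x in (addr, want, mask))
    return (a & m) == (w & m)

def rule_action(rule, pkt):
    """Return the rule's action if pkt matches every field it sets, else None."""
    if "sip" in rule and not _ip_match(pkt["src"], rule["sip"], rule["smask"]):
        return None
    if "dip" in rule and not _ip_match(pkt["dst"], rule["dip"], rule["dmask"]):
        return None
    for key, field in (("protocol", "proto"), ("s-port", "sport"), ("d-port", "dport")):
        if key in rule and int(rule[key]) != pkt[field]:
            return None
    return rule["op"]

RULE7 = parse_rule("access-list extended 1700 rule 7 deny sip 192.168.2.100 "
                   "smask 255.255.255.255 protocol 6 d-port 23")
# Constructed sample packets, not captured traffic.
TELNET = {"src": "192.168.2.100", "dst": "10.0.0.5", "proto": 6, "sport": 40000, "dport": 23}
SSH = dict(TELNET, dport=22)
OTHER_HOST = dict(TELNET, src="192.168.2.101")
```

Rule 7 returns deny only for TELNET; SSH from the same host and Telnet from 192.168.2.101 fall through to whatever rule follows, so a host-specific deny of this kind does not restrict Telnet from the rest of the subnet.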