Home » Yamaha Manuals » Audio Mixers » Yamaha 10G » Manual Viewer

Yamaha 10G SWR2310-28GT/18GT/10G Command Reference - Page 229

Setting value, Description, Method of specifying, Initial value], Input mode], Description], access-

Get Yamaha 10G PDF manuals and user guides

Add to My Manuals
Save this manual to your list of manuals

Page 229 highlights

src-port dst-info dst-port Setting value A.B.C.D/M host A.B.C.D any Command Reference | Traffic control | 229 Description Specifies an IPv4 address (A.B.C.D) with subnet mask length (Mbit) Specifies a single IPv4 address (A.B.C.D) Applies to all IPv4 addresses : If protocol is specified as tcp or udp, this specifies the transmission source port number that is the condition. This can also be omitted. Method of specifying Description eq X Specify port number (X) range X Y Specify port numbers (X) through (Y) : Specifies the destination IPv4 address information that is the condition Setting value A.B.C.D E.F.G.H A.B.C.D/M host A.B.C.D any Description Specifies an IPv4 address (A.B.C.D) with wildcard bits (E.F.G.H) Specifies an IPv4 address (A.B.C.D) with subnet mask length (Mbit) Specifies a single IPv4 address (A.B.C.D) Applies to all IPv4 addresses : If protocol is specified as tcp or udp, this specifies the destination port number that is the condition. This can also be omitted. Method of specifying Description eq X Specify port number (X) range X Y Specify port numbers (X) through (Y) [Initial value] none [Input mode] global configuration mode [Description] Generates an IPv4 access list. Multiple conditions (maximum 256) can be specified for the generated access list. To apply the generated access list, use the access-group command of interface mode. If the "no" syntax is used to specify "action" and following, the IPv4 access list that matches all conditions is deleted. If the "no" syntax is used without specifying "action" and following, the IPv4 access list of the matching ID of access list is deleted. [Note] An access list that is applied to LAN/SFP port and logical interface cannot be deleted using the "no" syntax. You must first cancel the application, and then delete the access list. For both src-port and dst-port, you can use "range" to specify a range; however for the entire system, only one IPv4 access list that specifies a range in this way can be applied to the interface by using the access-group command. [Example] Create access list #1 that denies communication from the source segment 192.168.1.0/24 to the destination 172.16.1.1.

Section	Page
Contents	2
Introduction	12
How to read the command reference	13
1.1 Applicable firmware revision	13
1.2 How to read the command reference	13
1.3 Interface names	13
1.4 Input syntax for commands starting with the word \	14
How to use the commands	15
2.1 Operation via console	15
2.1.1 Access from a console terminal	15
2.1.2 Access from a TELNET client	15
2.1.3 Access from an SSH client	16
2.1.4 Console terminal/VTY settings	16
2.2 Operation via configuration (config) files	17
2.2.1 Access from a TFTP client	17
2.2.2 Reading/writing a configuration file	17
2.3 Login	18
2.4 Command input mode	18
2.4.1 Command input mode basics	18
2.4.2 individual configuration mode	19
2.4.3 Command prompt prefix	19
2.4.4 Executing commands of a different input mode	19
2.5 Keyboard operations when using the console	19
2.5.1 Basic operations for console input	20
2.5.2 Command help	20
2.5.3 Input command completion and keyword candidate list display	21
2.5.4 Entering command abbreviations	21
2.5.5 Command history	21
2.6 Commands that start with the word \	21
2.6.1 Modifiers	21
Configuration	23
3.1 Manage setting values	23
3.2 Default setting values	23
Maintenance and operation functions	26
4.1 Passwords	26
4.1.1 Set password for unnamed user	26
4.1.2 Set administrator password	26
4.1.3 Encrypt password	27
4.1.4 Allow login with special password	27
4.2 User account maintenance	28
4.2.1 Set user password	28
4.2.2 Show login user information	29
4.2.3 Set banner	30
4.3 Configuration management	31
4.3.1 Save running configuration	31
4.3.2 Save running configuration	31
4.3.3 Show the running configuration	32
4.3.4 Show startup configuration	33
4.3.5 Erase startup configuration	34
4.3.6 Copy startup configuration	34
4.3.7 Select startup config	35
4.3.8 Set description for startup config	35
4.4 Manage boot information	36
4.4.1 Show boot information	36
4.4.2 Clear boot information	36
4.4.3 Set SD card boot	37
4.4.4 Show the SD card boot setting information	37
4.5 Show unit information	37
4.5.1 Show inventory information	37
4.5.2 Show operating information	38
4.5.3 Disk usage status	39
4.5.4 Show currently-executing processes	39
4.5.5 Show technical support information	39
4.5.6 Save technical support information	40
4.6 Time management	41
4.6.1 Set clock manually	41
4.6.2 Set time zone	41
4.6.3 Show current time	42
4.6.4 Set NTP server	42
4.6.5 Synchronize time from NTP server (one-shot update)	43
4.6.6 Synchronize time from NTP server (update interval)	43
4.6.7 Show NTP server time synchronization settings	44
4.7 Terminal settings	44
4.7.1 Move to line mode (console terminal)	44
4.7.2 Set VTY port and move to line mode (VTY port)	44
4.7.3 Set terminal login timeout	45
4.7.4 Change the number of lines displayed per page for the terminal in use	46
4.7.5 Set the number of lines displayed per page on the terminal	46
4.8 Management	47
4.8.1 Set management VLAN	47
4.9 SYSLOG	47
4.9.1 Set log notification destination (SYSLOG server)	47
4.9.2 Set log output level (debug)	48
4.9.3 Set log output level (informational)	48
4.9.4 Set log output level (error)	48
4.9.5 Set log console output	49
4.9.6 Set log output in event units	49
4.9.7 Back up log	49
4.9.8 Set log backup to SD card	50
4.9.9 Clear log	50
4.9.10 Show log	50
4.10 SNMP	51
4.10.1 Set host that receives SNMP notifications	51
4.10.2 Set notification type to transmit	52
4.10.3 Set system contact	53
4.10.4 Set system location	54
4.10.5 Set SNMP community	54
4.10.6 Set SNMP view	55
4.10.7 Set SNMP group	55
4.10.8 Set SNMP user	56
4.10.9 Show SNMP community information	57
4.10.10 Show SNMP view settings	57
4.10.11 Show SNMP group settings	58
4.10.12 Show SNMP user settings	58
4.11 RMON	59
4.11.1 Set RMON function	59
4.11.2 Set RMON Ethernet statistical information group	59
4.11.3 Set RMON history group	60
4.11.4 Set RMON event group	61
4.11.5 Set RMON alarm group	62
4.11.6 Show RMON function status	64
4.11.7 Show RMON Ethernet statistical information group status	65
4.11.8 Show RMON history group status	65
4.11.9 Show RMON event group status	65
4.11.10 Show RMON alarm group status	66
4.11.11 Clear counters of the RMON Ethernet statistical information group	66
4.12 Telnet server	67
4.12.1 Start Telnet server and change listening port number	67
4.12.2 Show Telnet server settings	67
4.12.3 Set host that can access the Telnet server	68
4.12.4 Restrict access to the TELNET server according to the IP address of the client	68
4.13 Telnet client	69
4.13.1 Start Telnet client	69
4.13.2 Enable Telnet client	69
4.13.3 Remote login to stack slave	70
4.14 TFTP server	70
4.14.1 Start TFTP server and change listening port number	70
4.14.2 Show TFTP server settings	71
4.14.3 Set hosts that can access the TFTP server	71
4.15 HTTP server	72
4.15.1 Start HTTP server and change listening port number	72
4.15.2 Start secure HTTP server and change listening port number	72
4.15.3 Show HTTP server settings	73
4.15.4 Set hosts that can access the HTTP server	73
4.15.5 Restrict access to the HTTP server according to the IP address of the client	74
4.15.6 Set log-in timeout time for HTTP server	74
4.16 HTTP Proxy	75
4.16.1 Enable HTTP Proxy function	75
4.16.2 Set HTTP Proxy function timeout	75
4.16.3 Show HTTP Proxy function settings	76
4.17 SSH server	76
4.17.1 Start SSH server and change listening port number	76
4.17.2 Show SSH server settings	77
4.17.3 Set host that can access the SSH server	77
4.17.4 Set client that can access the SSH server	78
4.17.5 Generate SSH server host key	79
4.17.6 Clear SSH server host key	79
4.17.7 Show SSH server public key	79
4.17.8 Set SSH client alive checking	81
4.18 SSH client	81
4.18.1 Start SSH client	81
4.18.2 Enable SSH client	82
4.18.3 Clear SSH host information	82
4.19 LLDP	83
4.19.1 Enable LLDP function	83
4.19.2 Set system description	83
4.19.3 Set system name	83
4.19.4 Create LLDP agent	84
4.19.5 Set automatic setting function by LLDP	84
4.19.6 Set LLDP transmission/reception mode	85
4.19.7 Set type of management address	85
4.19.8 Set basic management TLVs	86
4.19.9 Set IEEE-802.1 TLV	86
4.19.10 Set IEEE-802.3 TLV	87
4.19.11 Set LLDP-MED TLV	87
4.19.12 Set LLDP frame transmission interval	88
4.19.13 Set LLDP frame transmission interval for high speed transmission period	88
4.19.14 Set time from LLDP frame transmission stop until re-initialization	89
4.19.15 Set multiplier for calculating time to live (TTL) of device information	89
4.19.16 Set number of LLDP frames transmitted during the high speed transmission period	90
4.19.17 Set maximum number of connected devices manageable by a port	90
4.19.18 Global interface setting for LLDP function	91
4.19.19 Show interface status	91
4.19.20 Show information for connected devices of all interfaces	94
4.19.21 Clear LLDP frame counters	95
4.20 L2MS (Layer 2 management service) settings	95
4.20.1 Move to L2MS mode	95
4.20.2 Set L2MS function	96
4.20.3 Set role of L2MS function	96
4.20.4 Set L2MS slave watch interval	97
4.20.5 Set number of times that is interpreted as L2MS slave down	97
4.20.6 Set terminal management function	98
4.20.7 Set the device information acquisition time interval	98
4.20.8 Set L2MS control frame transmit/receive	99
4.20.9 Reset slave management	99
4.20.10 Show L2MS information	100
4.20.11 Show L2MS slave config information	101
4.20.12 Set the device information acquisition time interval for downstream of a wireless AP	103
4.20.13 Set event monitoring function	104
4.20.14 Set event information acquisition time interval	104
4.20.15 Set whether to use the L2MS slave's zero config function	105
4.21 Snapshot	105
4.21.1 Set snapshot function	105
4.21.2 Set whether to include terminals in the snapshot comparison	106
4.21.3 Create snapshot	106
4.21.4 Delete snapshot	107
4.22 Firmware update	107
4.22.1 Set firmware update site	107
4.22.2 Execute firmware update	107
4.22.3 Set firmware download timeout duration	108
4.22.4 Allow revision-down	108
4.22.5 Show firmware update function settings	109
4.22.6 Update firmware from SD card	109
4.22.7 Set firmware update reload time	110
4.22.8 Set reload method for firmware update of stack configuration	110
4.23 Stack	111
4.23.1 Set stack function	111
4.23.2 Change ID of stack member	111
4.23.3 Show stack information	112
4.23.4 Set range of IP addresses used by the stack port	112
4.24 General maintenance and operation functions	113
4.24.1 Set host name	113
4.24.2 Reload system	113
4.24.3 Initialize settings	114
4.24.4 Mount SD card	114
4.24.5 Unmount SD card	114
4.24.6 Set default LED mode	115
4.24.7 Show LED mode	115
4.24.8 Show port error LED status	116
4.24.9 Backup system information	116
4.24.10 Restore system information	116
Interface control	118
5.1 Interface basic settings	118
5.1.1 Set description	118
5.1.2 Shutdown	118
5.1.3 Set speed and duplex mode	118
5.1.4 Set MRU	119
5.1.5 Set cross/straight automatic detection	120
5.1.6 Set EEE	120
5.1.7 Show EEE capabilities	121
5.1.8 Show EEE status	121
5.1.9 Set port mirroring	122
5.1.10 Show port mirroring status	123
5.1.11 Show interface status	124
5.1.12 Show brief interface status	126
5.1.13 Show frame counter	127
5.1.14 Clear frame counters	129
5.1.15 Show SFP module status	129
5.1.16 Set SFP module optical reception level monitoring	130
5.2 Link aggregation	130
5.2.1 Set static logical interface	131
5.2.2 Show static logical interface status	131
5.2.3 Set LACP logical interface	132
5.2.4 Show LACP logical interface status	133
5.2.5 Set LACP system priority order	134
5.2.6 Show LACP system priority	135
5.2.7 Set LACP timeout	135
5.2.8 Clear LACP frame counters	136
5.2.9 Show LACP frame counter	136
5.2.10 Set load balance function rules	137
5.2.11 Show protocol status of LACP logical interface	137
5.2.12 Set LACP port priority order	139
5.3 Port authentication	140
5.3.1 Configuring the IEEE 802.1X authentication function for the entire system	140
5.3.2 Configuring the MAC authentication function for the entire system	140
5.3.3 Configuring the Web authentication function for the entire system	141
5.3.4 Set operation mode for the IEEE 802.1X authentication function	141
5.3.5 Set for forwarding control on an unauthenticated port for IEEE 802.1X authentication	142
5.3.6 Set the EAPOL packet transmission count	142
5.3.7 Set the MAC authentication function	143
5.3.8 Set MAC address format during MAC authentication	143
5.3.9 Set the Web authentication function	144
5.3.10 Set host mode	144
5.3.11 Set re-authentication	145
5.3.12 Set dynamic VLAN	146
5.3.13 Set the guest VLAN	146
5.3.14 Suppression period settings following failed authentication	147
5.3.15 Set reauthentication interval	147
5.3.16 Set the reply wait time for the RADIUS server overall	148
5.3.17 Set supplicant reply wait time	148
5.3.18 Set RADIUS server host	149
5.3.19 Set the reply wait time for each RADIUS server	150
5.3.20 Set number of times to resend requests to RADIUS server	150
5.3.21 Set RADIUS server shared password	150
5.3.22 Set time of RADIUS server usage prevention	151
5.3.23 Set NAS-Identifier attribute sent to RADIUS server	151
5.3.24 Show port authentication information	152
5.3.25 Show supplicant information	153
5.3.26 Show statistical information	153
5.3.27 Clear statistical information	154
5.3.28 Show RADIUS server setting information	154
5.3.29 Settings for redirect destination URL following successful Web authentication	155
5.3.30 Clear the authentication state	155
5.3.31 Setting the time for clearing the authentication state (system)	156
5.3.32 Setting the time for clearing the authentication state (interface)	156
5.3.33 Locate the file for customizing the Web authentication screen	156
5.3.34 Delete the file for customizing the Web authentication screen	157
5.3.35 Set EAP pass through	158
5.4 Port security	158
5.4.1 Set port security function	158
5.4.2 Register permitted MAC addresses	159
5.4.3 Set operations used for security violations	159
5.4.4 Show port security information	160
5.5 Error detection function	160
5.5.1 Set automatic recovery from errdisable state	160
5.5.2 Show error detection function information	161
Layer 2 functions	162
6.1 FDB (Forwarding Data Base)	162
6.1.1 Set MAC address acquisition function	162
6.1.2 Set dynamic entry ageing time	162
6.1.3 Clear dynamic entry	163
6.1.4 Set static entry	163
6.1.5 Show MAC address table	164
6.2 VLAN	165
6.2.1 Move to VLAN mode	165
6.2.2 Set VLAN interface	165
6.2.3 Set private VLAN	166
6.2.4 Set secondary VLAN for primary VLAN	167
6.2.5 Set access port (untagged port)	167
6.2.6 Set associated VLAN of an access port (untagged port)	168
6.2.7 Set trunk port (tagged port)	168
6.2.8 Set associated VLAN for trunk port (tagged port)	169
6.2.9 Set native VLAN for trunk port (tagged port)	170
6.2.10 Set private VLAN port type	171
6.2.11 Set private VLAN host port	171
6.2.12 Set promiscuous port for private VLAN	172
6.2.13 Set voice VLAN	173
6.2.14 Set CoS value for voice VLAN	174
6.2.15 Set DSCP value for voice VLAN	174
6.2.16 Set multiple VALN group	174
6.2.17 Set name of multiple VLAN group	175
6.2.18 Show VLAN information	176
6.2.19 Show private VLAN information	176
6.2.20 Show multiple VLAN group setting information	177
6.3 STP (Spanning Tree Protocol)	177
6.3.1 Set spanning tree for the system	177
6.3.2 Set forward delay time	178
6.3.3 Set maximum aging time	178
6.3.4 Set bridge priority	179
6.3.5 Set spanning tree for an interface	179
6.3.6 Set spanning tree link type	180
6.3.7 Set interface BPDU filtering	180
6.3.8 Set interface BPDU guard	181
6.3.9 Set interface path cost	181
6.3.10 Set interface priority	182
6.3.11 Set edge port for interface	183
6.3.12 Show spanning tree status	183
6.3.13 Show spanning tree BPDU statistics	185
6.3.14 Clear protocol compatibility mode	186
6.3.15 Move to MST mode	187
6.3.16 Generate MST instance	187
6.3.17 Set VLAN for MST instance	188
6.3.18 Set priority of MST instance	188
6.3.19 Set MST region name	189
6.3.20 Set revision number of MST region	189
6.3.21 Set MST instance for interface	189
6.3.22 Set interface priority for MST instance	190
6.3.23 Set interface path cost for MST instance	190
6.3.24 Show MST region information	191
6.3.25 Show MSTP information	191
6.3.26 Show MST instance information	193
6.4 Loop detection	193
6.4.1 Set loop detection function (system)	193
6.4.2 Set loop detection function (interface)	194
6.4.3 Set port blocking for loop detection	195
6.4.4 Reset loop detection status	196
6.4.5 Show loop detection function status	196
Layer 3 functions	197
7.1 IPv4 address management	197
7.1.1 Set IPv4 address	197
7.1.2 Show IPv4 address	197
7.1.3 Automatically set IPv4 address by DHCP client	198
7.1.4 Show DHCP client status	199
7.1.5 Set auto IP function	199
7.2 IPv4 route control	200
7.2.1 Set static IPv4 route	200
7.2.2 Show IPv4 Forwarding Information Base	201
7.2.3 Show IPv4 Routing Information Base	201
7.2.4 Show summary of the route entries registered in the IPv4 Routing Information Base	202
7.3 ARP	202
7.3.1 Show ARP table	202
7.3.2 Clear ARP table	202
7.3.3 Set static ARP entry	203
7.3.4 Set ARP timeout	203
7.4 IPv4 forwarding control	203
7.4.1 IPv4 forwarding settings	204
7.4.2 Show IPv4 forwarding settings	204
7.5 IPv4 ping	204
7.5.1 IPv4 ping	204
7.5.2 Check IPv4 route	205
7.6 IPv6 address management	205
7.6.1 Set IPv6	205
7.6.2 Set IPv6 address	206
7.6.3 Set RA for IPv6 address	207
7.6.4 Show IPv6 address	207
7.7 IPv6 route control	208
7.7.1 Set IPv6 static route	208
7.7.2 Show IPv6 Forwarding Information Base	208
7.7.3 Show IPv6 Routing Information Base	209
7.7.4 Show summary of the route entries registered in the IPv6 Routing Information Base	209
7.8 Neighbor cache	210
7.8.1 Set static neighbor cache entry	210
7.8.2 Show neighbor cache table	210
7.8.3 Clear neighbor cache table	211
7.9 IPv6 forwarding control	211
7.9.1 IPv6 forwarding settings	211
7.9.2 Show IPv6 forwarding settings	211
7.10 IPv6 ping	212
7.10.1 IPv6 ping	212
7.10.2 Check IPv6 route	213
7.11 DNS client	213
7.11.1 Set DNS lookup function	213
7.11.2 Set DNS server list	213
7.11.3 Set default domain name	214
7.11.4 Set search domain list	215
7.11.5 Show DNS client information	215
IP multicast control	216
8.1 IP multicast basic settings	216
8.1.1 Set processing method for unknown multicast frames	216
8.2 IGMP snooping	216
8.2.1 Set enable/disable IGMP snooping	216
8.2.2 Set IGMP snooping fast-leave	217
8.2.3 Set multicast router connection destination	217
8.2.4 Set query transmission function	218
8.2.5 Set IGMP query transmission interval	218
8.2.6 Set TTL value verification function for IGMP packets	219
8.2.7 Set IGMP version	219
8.2.8 Show multicast router connection port information	220
8.2.9 Show IGMP group membership information	220
8.2.10 Show an interface's IGMP-related information	221
8.2.11 Clear IGMP group membership entries	222
8.3 MLD snooping	222
8.3.1 Enable/disable MLD snooping	222
8.3.2 Set MLD snooping fast-leave	223
8.3.3 Set multicast router connection destination	223
8.3.4 Set query transmission function	224
8.3.5 Set MLD query transmission interval	224
8.3.6 Set MLD version	225
8.3.7 Show multicast router connection port information	225
8.3.8 Show MLD group membership information	226
8.3.9 Show an interface's MLD-related information	226
8.3.10 Clear MLD group membership entries	227
Traffic control	228
9.1 ACL	228
9.1.1 Generate IPv4 access list	228
9.1.2 Add comment to IPv4 access list	230
9.1.3 Apply IPv4 access list	230
9.1.4 Generate IPv6 access list	231
9.1.5 Add comment to IPv6 access list	232
9.1.6 Apply IPv6 access list	232
9.1.7 Generate MAC access list	233
9.1.8 Add comment to MAC access list	234
9.1.9 Apply MAC access list	235
9.1.10 Show generated access list	236
9.1.11 Clear counters	236
9.1.12 Show access list applied to interface	236
9.1.13 Set VLAN access map and move to VLAN access map mode	237
9.1.14 Set access list for VLAN access map	237
9.1.15 Set VLAN access map filter	238
9.1.16 Show VLAN access map	238
9.1.17 Show VLAN access map filter	238
9.2 QoS (Quality of Service)	239
9.2.1 Enable/disable QoS	239
9.2.2 Set default CoS	239
9.2.3 Set trust mode	240
9.2.4 Show status of QoS function setting	241
9.2.5 Show QoS information for interface	241
9.2.6 Show egress queue usage ratio	243
9.2.7 Set CoS - egress queue ID conversion table	243
9.2.8 Set DSCP - egress queue ID conversion tabl	244
9.2.9 Set port priority order	245
9.2.10 Specify egress queue of frames transmitted from the switch itself	245
9.2.11 Generate class map (traffic category conditions)	246
9.2.12 Associate class map	247
9.2.13 Set traffic classification conditions (access-list)	247
9.2.14 Set traffic classification conditions (CoS)	248
9.2.15 Set traffic classification conditions (TOS precedence)	248
9.2.16 Set traffic classification conditions (DSCP)	249
9.2.17 Set traffic classification conditions (Ethernet Type)	249
9.2.18 13.2.22 Set traffic classification conditions (VLAN ID)	250
9.2.19 Set traffic classification conditions (VLAN ID range)	250
9.2.20 Show class map information	251
9.2.21 Generate policy map for received frames	252
9.2.22 Apply policy map for received frames	252
9.2.23 Set pre-marking (CoS)	253
9.2.24 Set pre-marking (TOS precedence)	254
9.2.25 Set pre-marking (DSCP)	255
9.2.26 Set individual policers (single rate)	255
9.2.27 Set individual policers (twin rate)	257
9.2.28 Set remarking of individual policers	258
9.2.29 Generate aggregate policer	259
9.2.30 Set aggregate policer (single rate)	260
9.2.31 Set aggregate policer (twin rate)	261
9.2.32 Set remarking of aggregate policers	262
9.2.33 Show aggregate policers	263
9.2.34 Apply aggregate policer	263
9.2.35 Show metering counters	264
9.2.36 Clear metering counters	265
9.2.37 Set egress queue (CoS-Queue)	265
9.2.38 Set egress queue (DSCP-Queue)	266
9.2.39 Show policy map information	266
9.2.40 Show map status	268
9.2.41 Set egress queue scheduling	269
9.2.42 Set traffic shaping (individual port)	270
9.2.43 Set traffic-shaping (queue units)	270
9.3 Flow control	271
9.3.1 Set flow control (IEEE 802.3x PAUSE send/receive) (system)	271
9.3.2 Set flow control (IEEE 802.3x PAUSE send/receive) (interface)	272
9.3.3 Show flow control operating status	272
9.4 Storm control	273

Match case Limit results 1 per page

Setting value

Description

A.B.C.D/M

Specifies an IPv4 address (A.B.C.D) with subnet

mask length (Mbit)

host A.B.C.D

Specifies a single IPv4 address (A.B.C.D)

any

Applies to all IPv4 addresses

src-port

<0-65535>

If protocol is specified as tcp or udp, this specifies the transmission source port number <0-65535>

that is the condition. This can also be omitted.

Method of specifying

Description

eq X

Specify port number (X)

range X Y

Specify port numbers (X) through (Y)

dst-info

Specifies the destination IPv4 address information that is the condition

Setting value

Description

A.B.C.D E.F.G.H

Specifies an IPv4 address (A.B.C.D) with

wildcard bits (E.F.G.H)

A.B.C.D/M

Specifies an IPv4 address (A.B.C.D) with subnet

mask length (Mbit)

host A.B.C.D

Specifies a single IPv4 address (A.B.C.D)

any

Applies to all IPv4 addresses

dst-port

<0-65535>

If protocol is specified as tcp or udp, this specifies the destination port number <0-65535> that is the

condition. This can also be omitted.

Method of specifying

Description

eq X

Specify port number (X)

range X Y

Specify port numbers (X) through (Y)

[Initial value]

none

[Input mode]

global configuration mode

[Description]

Generates an IPv4 access list.

Multiple conditions (maximum 256) can be specified for the generated access list.

To apply the generated access list, use the

access-group

command of interface mode.

If the "no" syntax is used to specify "action" and following, the IPv4 access list that matches all conditions is deleted.

If the "no" syntax is used without specifying "action" and following, the IPv4 access list of the matching ID of access list is

deleted.

[Note]

An access list that is applied to LAN/SFP port and logical interface cannot be deleted using the "no" syntax. You must first

cancel the application, and then delete the access list.

For both src-port and dst-port, you can use "range" to specify a range; however for the entire system, only one IPv4 access list

that specifies a range in this way can be applied to the interface by using the

access-group

command.

[Example]

Create access list #1 that denies communication from the source segment 192.168.1.0/24 to the destination 172.16.1.1.

Command Reference | Traffic control |

229