Quick Reference Guide
PowerConnect B-Series TI24X Configuration Guide 369
53-1002269-02
Configuring extended numbered ACLs
13
• Destination IP address or host name
• Source TCP or UDP port (if the IP protocol is TCP or UDP)
• Destination TCP or UDP port (if the IP protocol is TCP or UDP)
The IP protocol can be one of the following well-known names or any IP protocol number from 0 – 255:
• Internet Control Message Protocol (ICMP)
• Internet Group Management Protocol (IGMP)
• Interior Gateway Routing Protocol (IGRP)
• Internet Protocol (IP)
• Open Shortest Path First (OSPF)
• Transmission Control Protocol (TCP)
• User Datagram Protocol (UDP)
For TCP and UDP, you also can specify a comparison operator and port name or number. For
example, you can configure a policy to block web access to a specific website by denying all TCP
port 80 (HTTP) packets from a specified source IP address to the website IP address.
NOTE
PowerConnect supports extended ACLs.
Extended numbered ACL syntax
Syntax: [no] access-list <ACL-num> deny | permit <ip-protocol> <source-ip> | <hostname>
<wildcard> [<operator> <source-tcp/udp-port>] <destination-ip> | <hostname>
[<icmp-num> | <icmp-type>] <wildcard> [<tcp/udp comparison operator>
<destination-tcp/udp-port>] [dscp-marking <0-63> [802.1p-priority-marking <0 – 7>... |
[802.1p-and-internal-marking] [internal-priority-marking] [dscp-matching <0-63>] [log]
[precedence <name> | <0 – 7>] [tos <0 – 63> | <name>] [traffic policy <name>]
Syntax: [no] access-list <ACL-num> deny | permit host <ip-protocol> any any
Syntax: [no] ip access-group <ACL-num> in
The <ACL-num> parameter is the extended access list number. Specify a number from 100 – 199.
The deny | permit parameter indicates whether packets that match the policy are dropped or
forwarded.
The <ip-protocol> parameter indicates the type of IP packet you are filtering. You can specify a
well-known name for any protocol whose number is less than 255. For other protocols, you must
enter the number. Enter “?” instead of a protocol to list the well-known names recognized by the
CLI.
The <source-ip> | <hostname> parameter specifies the source IP host for the policy. If you want
the policy to match on all source addresses, enter any.
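The following is an added example, not part of the Configuration Guide: Python that parses a subset of the extended numbered ACL syntax above, enforces the stated constraints (ACL number 100 to 199, protocol name or number 0 to 255, ports only with TCP or UDP), and evaluates constructed packets against the entries. The `eq` operator, the `http` port name, wildcard masks whose 1 bits are ignored, first-match evaluation, and the sample addresses are assumptions not stated in this section.

```python
import ipaddress

# Protocol names from the page -> IANA numbers; "ip" (None) matches any protocol.
PROTOCOLS = {"icmp": 1, "igmp": 2, "igrp": 9, "ip": None, "ospf": 89, "tcp": 6, "udp": 17}
PORT_NAMES = {"http": 80}  # constructed subset, enough for the sample

def _addr(tok):
    """Consume 'any', 'host <ip>' or '<ip> <wildcard>'; return (ip, wildcard)."""
    first = tok.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    ip = int(ipaddress.IPv4Address(tok.pop(0) if first == "host" else first))
    return ip, 0 if first == "host" else int(ipaddress.IPv4Address(tok.pop(0)))

def parse_entry(line):
    """Parse one entry, enforcing the ranges the guide states."""
    t = line.split()
    if len(t) < 6 or t[0] != "access-list" or not t[1].isdigit():
        raise ValueError("not an extended access-list entry")
    action, proto, *rest = t[2:]
    if not 100 <= int(t[1]) <= 199:
        raise ValueError("extended numbered ACLs use 100 - 199")
    if action not in ("deny", "permit"):
        raise ValueError("action must be deny or permit")
    if proto not in PROTOCOLS and not (proto.isdigit() and int(proto) <= 255):
        raise ValueError("unknown IP protocol: " + proto)
    pnum = PROTOCOLS[proto] if proto in PROTOCOLS else int(proto)
    src, dst = _addr(rest), _addr(rest)
    if rest and (len(rest) != 2 or rest[0] != "eq" or pnum not in (6, 17)):
        raise ValueError("only 'eq <port>' with TCP or UDP is modelled here")
    port = (PORT_NAMES.get(rest[1]) or int(rest[1])) if rest else None
    return {"action": action, "proto": pnum, "src": src, "dst": dst, "port": port}

def _hit(addr, rule):
    care = ~rule[1] & 0xFFFFFFFF  # wildcard bits set to 1 are ignored
    return (int(ipaddress.IPv4Address(addr)) & care) == (rule[0] & care)

def evaluate(entries, proto, src, dst, dport=None):
    """Action of the first matching entry, or None when nothing matches."""
    for e in entries:
        if (e["proto"] in (None, proto) and _hit(src, e["src"])
                and _hit(dst, e["dst"]) and e["port"] in (None, dport)):
            return e["action"]
    return None

# Constructed sample: deny one host HTTP access to one site, permit the rest.
ACL = [parse_entry(s) for s in (
    "access-list 101 deny tcp host 192.0.2.10 host 203.0.113.80 eq http",
    "access-list 101 permit ip any any",
)]
```

Running a proposed entry list through `evaluate` before applying it to an interface shows whether a broad `permit` placed ahead of a specific `deny` would shadow it.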