Quick Reference Guide

PowerConnect B-Series TI24X Configuration Guide 369
53-1002269-02
Configuring extended numbered ACLs
13
Destination IP address or host name
Source TCP or UDP port (if the IP protocol is TCP or UDP)
Destination TCP or UDP port (if the IP protocol is TCP or UDP)
The IP protocol can be one of the following well-known names or any IP protocol number from 0 – 255:
Internet Control Message Protocol (ICMP)
Internet Group Management Protocol (IGMP)
Internet Gateway Routing Protocol (IGRP)
Internet Protocol (IP)
Open Shortest Path First (OSPF)
Transmission Control Protocol (TCP)
User Datagram Protocol (UDP)
For TCP and UDP, you also can specify a comparison operator and port name or number. For
example, you can configure a policy to block web access to a specific website by denying all TCP
port 80 (HTTP) packets from a specified source IP address to the website IP address.
NOTE
PowerConnect supports extended ACLs.
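The web-blocking policy described above, written in the `<source-ip> <wildcard>` form of the extended numbered ACL syntax and checked against a small first-match evaluator (an added example, not taken from this guide). It assumes numeric ports, the operator keywords eq/neq/lt/gt, wildcard bits of 1 meaning "ignore this bit", entries evaluated in order, and a drop for traffic that matches no entry; the addresses are constructed documentation addresses.

```python
import ipaddress
import operator

# Operator keywords are an assumption; the page only says "comparison operator".
OPS = {"eq": operator.eq, "neq": operator.ne, "lt": operator.lt, "gt": operator.gt}

def parse_addr(tok):
    """Consume 'any' or '<ip> <wildcard>' and return (base, wildcard) as integers."""
    first = tok.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    return int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(tok.pop(0)))

def parse_port(tok):
    """Consume an optional '<operator> <port>' pair (numeric ports only)."""
    if tok and tok[0] in OPS:
        return tok.pop(0), int(tok.pop(0))
    return None

def parse_entry(line):
    tok = line.split()
    if tok[0] != "access-list" or not 100 <= int(tok[1]) <= 199:
        raise ValueError("extended numbered ACLs use numbers 100 - 199")
    if tok[2] not in ("deny", "permit"):
        raise ValueError("action must be deny or permit")
    rest = tok[4:]
    entry = {"action": tok[2], "proto": tok[3]}
    entry["src"], entry["sport"] = parse_addr(rest), parse_port(rest)
    entry["dst"], entry["dport"] = parse_addr(rest), parse_port(rest)
    return entry

def addr_ok(ip, rule):
    base, wild = rule  # assumed semantics: wildcard bits set to 1 are ignored
    return (int(ipaddress.IPv4Address(ip)) | wild) == (base | wild)

def port_ok(port, rule):
    return rule is None or (port is not None and OPS[rule[0]](port, rule[1]))

def evaluate(acl, proto, src, dst, sport=None, dport=None):
    """Return the action of the first entry that matches the packet."""
    for e in acl:
        if (e["proto"] in ("ip", proto)
                and addr_ok(src, e["src"]) and addr_ok(dst, e["dst"])
                and port_ok(sport, e["sport"]) and port_ok(dport, e["dport"])):
            return e["action"]
    return "deny"  # assumption: traffic matching no entry is dropped

# Constructed sample: 192.0.2.10 is the client, 203.0.113.80 is the website.
WEB_BLOCK = [parse_entry(line) for line in (
    "access-list 101 deny tcp 192.0.2.10 0.0.0.0 203.0.113.80 0.0.0.0 eq 80",
    "access-list 101 permit ip any any",
)]
```

Under the drop-on-no-match assumption, the trailing `permit ip any any` entry is what keeps the rest of the traffic flowing; without it the single deny entry would block everything on the port where the ACL is applied.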
Extended numbered ACL syntax
Syntax: [no] access-list <ACL-num> deny | permit <ip-protocol> <source-ip> | <hostname>
<wildcard> [<operator> <source-tcp/udp-port>] <destination-ip> | <hostname>
[<icmp-num> | <icmp-type>] <wildcard> [<tcp/udp comparison operator>
<destination-tcp/udp-port>] [dscp-marking <0-63> [802.1p-priority-marking <0 –7>... |
[802.1p-and-internal-marking] [internal-priority-marking] [dscp-matching <0-63>] [log]
[precedence <name> | <0 – 7>] [tos <0 – 63> | <name>] [traffic policy <name>]
Syntax: [no] access-list <ACL-num> deny | permit host <ip-protocol> any any
Syntax: [no] ip access-group <ACL-num> in
The <ACL-num> parameter is the extended access list number. Specify a number from 100 – 199.
The deny | permit parameter indicates whether packets that match the policy are dropped or
forwarded.
The <ip-protocol> parameter indicates the type of IP packet you are filtering. You can specify a
well-known name for any protocol whose number is less than 255. For other protocols, you must
enter the number. Enter “?” instead of a protocol to list the well-known names recognized by the
CLI.
The <source-ip> | <hostname> parameter specifies the source IP host for the policy. If you want
the policy to match on all source addresses, enter any.