Administrator Guide

Access Control Lists 665
[sequence-number] {deny | permit} {every | {{ipv4-protocol | 0-255 | every}
  {srcip srcmask | any | host srcip}
  [{range {portkey | startport} {portkey | endport} | {eq | neq | lt | gt} {portkey | 0-65535}}]
  {dstip dstmask | any | host dstip}
  [{range {portkey | startport} {portkey | endport} | {eq | neq | lt | gt} {portkey | 0-65535}}]
  [flag [+fin | -fin] [+syn | -syn] [+rst | -rst] [+psh | -psh] [+ack | -ack] [+urg | -urg] [established]]
  [icmp-type icmp-type [icmp-code icmp-code] | icmp-message icmp-message]
  [igmp-type igmp-type]
  [fragments]
  [precedence precedence | tos tos [tosmask] | dscp dscp]}}
  [time-range time-range-name] [log] [assign-queue queue-id]
  [{mirror | redirect} unit/slot/port] [rate-limit rate burst-size]
Enter the permit and deny conditions for the extended ACL.

• sequence-number — Identifies the order of application of the permit/deny statement. If no sequence number is assigned, permit/deny statements are assigned a sequence number beginning at 1000 and incrementing by 10. Statements are applied in hardware beginning with the lowest sequence number. Sequence numbers apply only within an access group; i.e., the ordering applies within the access-group scope. The range for sequence numbers is 1–2147483647.
• {deny | permit} — Specifies whether the IP ACL rule permits or denies the matching traffic.
• {ipv4-protocol | number | every} — Specifies the protocol to match for the IP ACL rule. IPv4 protocols: eigrp, gre, icmp, igmp, ip, ipinip, ospf, tcp, udp, pim. every: Match any protocol (don’t care).
• srcip srcmask | any | host srcip — Specifies a source IP address and netmask to match for the IP ACL rule. Specifying “any” implies specifying srcip as “0.0.0.0” and srcmask as “255.255.255.255” for IPv4. Specifying “host A.B.C.D” implies srcip as “A.B.C.D” and srcmask as “0.0.0.0”.
• [{{eq | neq | lt | gt} {portkey | number} | range startport endport}] — Specifies the layer-4 destination port match condition for the IP ACL rule. A destination port number, which ranges from 0-65535, can be entered, or a portkey, which can be one of the following keywords: domain, echo, ftp, ftp-data, http, smtp, snmp, telnet, tftp, and www. Each of these keywords translates into its equivalent destination port number.
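The following Python model is an added illustration, not part of this guide or the switch software: it applies the rule semantics described above (automatic sequence numbering from 1000 in steps of 10 and lowest-number-first application, the any/host expansion into address and mask, and portkey resolution) to a constructed rule set so that the effect of rule ordering can be checked before rules are applied to hardware. The port numbers behind each keyword and the modelling of only the destination-port condition are assumptions of this example; the Rule, addr_match, port_match, number_rules and first_match names are its own.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address

# Port keywords the guide lists; the well-known port each maps to is assumed here (not in the guide).
PORTKEY = {"domain": 53, "echo": 7, "ftp": 21, "ftp-data": 20, "http": 80,
           "smtp": 25, "snmp": 161, "telnet": 23, "tftp": 69, "www": 80}

def addr_match(spec: str, ip: str) -> bool:
    """spec is 'any', 'host A.B.C.D' or 'A.B.C.D W.W.W.W'; a set bit in W is don't-care."""
    parts = spec.split()
    if parts == ["any"]:            # guide: any = 0.0.0.0 with mask 255.255.255.255
        parts = ["0.0.0.0", "255.255.255.255"]
    elif parts[0] == "host":        # guide: host A.B.C.D = A.B.C.D with mask 0.0.0.0
        parts = [parts[1], "0.0.0.0"]
    base, wild = (int(IPv4Address(p)) for p in parts)
    return ((int(IPv4Address(ip)) ^ base) & ~wild & 0xFFFFFFFF) == 0

def port_match(cond: str, port: int) -> bool:
    """cond is '' (no condition), 'eq 80', 'neq telnet', 'lt 1024', 'gt 1023' or 'range ftp-data ftp'."""
    if not cond:
        return True
    op, *args = cond.split()
    v = [int(a) if a.isdigit() else PORTKEY[a] for a in args]
    if op == "range":
        return v[0] <= port <= v[1]
    return {"eq": port == v[0], "neq": port != v[0], "lt": port < v[0], "gt": port > v[0]}[op]

@dataclass
class Rule:
    action: str      # "permit" or "deny"
    proto: str       # "tcp", "udp", "icmp", ... or "every" (don't care)
    src: str         # source address spec, see addr_match
    dst: str         # destination address spec
    dport: str = ""  # layer-4 destination port condition, see port_match
    seq: int = 0     # 0 = none given (valid sequence numbers are 1-2147483647)

def number_rules(rules: list) -> list:  # unnumbered rules get 1000, 1010, ...; sorted = hardware order
    nxt = 1000
    for r in rules:
        if r.seq == 0:
            r.seq, nxt = nxt, nxt + 10
    return sorted(rules, key=lambda r: r.seq)

def first_match(rules: list, proto: str, sip: str, dip: str, dport: int = 0):
    """Action of the lowest-sequence rule matching the packet, or None if none matches."""
    for r in number_rules(rules):
        if (r.proto in ("every", proto) and addr_match(r.src, sip)
                and addr_match(r.dst, dip) and port_match(r.dport, dport)):
            return r.action
    return None
```

A rule added later with a low explicit sequence number (for example seq=5, permit every any any) is applied before the auto-numbered 1000-series rules and shadows them, which first_match makes visible.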
Command Purpose