Administrator Guide
Layer 2 Switching Commands 524
[routing] [fragments] [dscp
dscp
]}} [time-range
time-range-name
] [log]
[assign-queue
queue-id
] [{mirror | redirect}
interface-id
] [rate-limit
rate
burst-size
]
no [s
sequence-number
] deny | permit
•
sequence-number
— Identifies the order of application of the
permit/deny statement. If no sequence number is assigned, permit/deny
statements are assigned a sequence number beginning at 1000 and
incrementing by 10. Statements are applied in hardware beginning with
the lowest sequence number. Sequence numbers only have applicability
within an access group, i.e. the ordering applies within the access-group
scope. The range for sequence numbers is 1– 2147483647.
•{
deny | permit
}–Specifies whether the IP ACL rule permits or denies the
matching traffic.
•{
ipv6-protocol
|
number
|
every
}—Specifies the protocol to match for the
IP ACL rule.
– IPv6 protocols: icmpv6, ipv6, sctp, tcp and udp
–
Every
: Match any protocol (don’t care)
•
source-ipv6-prefix
/prefixlength |
any | host
src-ipv6-address
—Specifies a
source IP address and netmask to match for the IP ACL rule.
– For IPv6 ACLs, “any” implies a 0::/128 prefix and a mask of all ones.
– Specifying “host X::X” implies a prefix length as “/128” and a mask of
0::/128.
•[{range {
portkey
|
startport
} {
portkey
|
endport
} | {eq | neq | lt | gt}
{
portkey
|
0-65535
}]—Specifies the layer 4 destination port match
condition for the IP/TCp/UDP ACL rule. A destination port number,
which ranges from 0-65535, can be entered, or a
portkey
, which can be one
of the following keywords: bgp, domain, echo, ftp, ftp-data, http, ntp,
pop2, pop3, rip, smtp, snmp, telnet, tftp, telnet, time, who and www. Each
of these keywords translates into its equivalent destination port number.
– When “range” is specified, IPv6 ACL rule matches only if the layer 4
port number falls within the specified portrange. The
startport
and
endport
parameters identify the first and last ports that are part of the
port range. They have values from 0 to 65535. The ending port must
2CSNXXX_SWUM204.book Page 524 Monday, January 25, 2016 1:25 PM