Users Guide

708 Access Control Lists
[sequence-number] {deny | permit} {{ipv4-protocol | 0-255 | every}
  {srcip srcmask | any | host srcip}
  [{range {portkey | startport} {portkey | endport} | {eq | neq | lt | gt} {portkey | 0-65535}}]
  {dstip dstmask | any | host dstip}
  [{range {portkey | startport} {portkey | endport} | {eq | neq | lt | gt} {portkey | 0-65535}}]
  [flag [+fin | -fin] [+syn | -syn] [+rst | -rst] [+psh | -psh] [+ack | -ack] [+urg | -urg] [established]]
  [icmp-type icmp-type [icmp-code icmp-code] | icmp-message icmp-message]
  [igmp-type igmp-type] [fragments]
  [precedence precedence | tos tos [tosmask] | dscp dscp]}}
  [time-range time-range-name] [log] [assign-queue queue-id]
  [{mirror | redirect} interface] [rate-limit rate burst-size]
Enter the permit and deny conditions for the extended ACL.
• sequence-number — Identifies the order of application of the permit/deny statement. If no sequence number is assigned, permit/deny statements are assigned a sequence number beginning at 1000 and incrementing by 10. Statements are applied in hardware beginning with the lowest sequence number. Sequence numbers apply only within an access group; i.e., the ordering applies within the access-group scope. The range for sequence numbers is 1–2147483647.
• {deny | permit} — Specifies whether the IP ACL rule permits or denies the matching traffic.
• {ipv4-protocol | number | every} — Specifies the protocol to match for the IP ACL rule.
  IPv4 protocols: eigrp, gre, icmp, igmp, ip, ipinip, ospf, sctp, tcp, udp, pim, arp
  number: a protocol number in decimal, e.g. 8 for EGP
  every: Match any protocol (don’t care)
• srcip srcmask | any | host srcip — Specifies a source IP address and netmask to match for the IP ACL rule. Specifying “any” implies specifying srcip as “0.0.0.0” and srcmask as “255.255.255.255” for IPv4. Specifying “host A.B.C.D” implies srcip as “A.B.C.D” and srcmask as “0.0.0.0”.
• [{{eq | neq | lt | gt} {portkey | number} | range startport endport}] — Specifies the Layer-4 source or destination port match condition for the TCP or UDP ACL rule. A port number, which ranges from 0-65535, can be entered, or a portkey, which can be one of the following keywords: domain, echo, ftp, ftp-data, http, smtp, snmp, telnet, tftp, www, bgp, pop2, pop3, ntp, rip, time, and who. Each of these keywords translates into its equivalent port number. A port match is only valid for the TCP and UDP protocols.
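As an added illustration (not code or text from the guide or the switch itself), a small Python model of the rule semantics described above: portkey translation, the any/host equivalences treated as wildcard (don’t-care) masks, automatic sequence numbering from 1000 in steps of 10, lowest-sequence-first matching, and rejection of a port match on a non-TCP/UDP protocol. It handles only the eq form of the port clause, and the port numbers behind the keywords are assumed standard values that this page does not list.

```python
import ipaddress
# Port keywords from the guide; the numbers are assumed standard IANA values (not on the page).
PORTKEYS = {"domain": 53, "echo": 7, "ftp": 21, "ftp-data": 20, "http": 80, "smtp": 25, "snmp": 161,
            "telnet": 23, "tftp": 69, "www": 80, "bgp": 179, "pop2": 109, "pop3": 110, "ntp": 123,
            "rip": 520, "time": 37, "who": 513}

def parse_addr(toks):
    """Consume 'any' | 'host A.B.C.D' | 'A.B.C.D wildcard'; return (ip, wildcard)."""
    tok = toks.pop(0)
    if tok == "any":  # any == 0.0.0.0 with the all-don't-care mask 255.255.255.255
        return "0.0.0.0", "255.255.255.255"
    return (toks.pop(0), "0.0.0.0") if tok == "host" else (tok, toks.pop(0))  # host X == X/0.0.0.0

def parse_port(toks):
    """Consume an optional 'eq {portkey | number}' clause; None when absent."""
    if not toks or toks[0] != "eq":
        return None
    _, key = toks.pop(0), toks.pop(0)
    return PORTKEYS[key] if key in PORTKEYS else int(key)

def parse_rule(seq, toks):
    """Parse '{deny | permit} proto src [eq port] dst [eq port]' (subset: eq matches only)."""
    action, proto = toks.pop(0), toks.pop(0)
    src, sport = parse_addr(toks), parse_port(toks)
    dst, dport = parse_addr(toks), parse_port(toks)
    if (sport, dport) != (None, None) and proto not in ("tcp", "udp"):
        raise ValueError("a port match is only valid for the tcp and udp protocols")
    return dict(seq=seq, action=action, proto=proto, src=src, sport=sport, dst=dst, dport=dport)

def load_acl(lines):
    """Unnumbered rules get 1000, 1010, ...; hardware applies the lowest sequence first."""
    rules, auto = [], 1000
    for toks in (line.split() for line in lines):
        explicit = toks[0].isdigit()
        seq = int(toks.pop(0)) if explicit else auto
        auto += 0 if explicit else 10
        rules.append(parse_rule(seq, toks))
    return sorted(rules, key=lambda r: r["seq"])

def in_wildcard(addr, base, wildcard):  # wildcard bits set to 1 are don't-care
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a & ~w) == (b & ~w)

def evaluate(rules, proto, sip, sport, dip, dport):  # first (lowest-sequence) match, else None
    for r in rules:
        if (r["proto"] in ("every", proto) and in_wildcard(sip, *r["src"])
                and in_wildcard(dip, *r["dst"]) and r["sport"] in (None, sport)
                and r["dport"] in (None, dport)):
            return r["action"]
    return None
```

With the constructed rules "permit tcp any host 10.0.0.5 eq www", "20 deny udp 10.0.0.0 0.0.0.255 any eq snmp" and "permit every any any", the explicit rule 20 is evaluated before the auto-numbered 1000 and 1010, so SNMP from 10.0.0.0/24 is denied while TCP to port 80 on 10.0.0.5 is permitted.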
Command Purpose