Administrator Guide
Layer 2 Switching Commands 267
•
{
ipv4-protocol
|
number
|
every
}—
Specifies the protocol to match for the IP
ACL rule.
– IPv4 protocols:
eigrp, gre, icmp, igmp, ip, ipinip, ospf, tcp, udp, pim
,
arp
–
Every
: Match any protocol (don’t care)
•
srcip
srcmask
| any | host
srcip
—Specifies a source IP address and netmask
to match for the IP ACL rule.
– Specifying “any” implies specifying
srcip
as “0.0.0.0” and
srcmask
as
“255.255.255.255” for IPv4.
– Specifying “host A.B.C.D” implies
srcip
as “A.B.C.D” and
srcmask
as
“0.0.0.0”.
•
[{{eq | neq | lt | gt} {
portkey
|
number
} | range
startport endport
}]
—
Specifies the layer 4 destination port match condition for the IP ACL rule.
A destination port number, which ranges from 0-65535, can be entered, or
a
portkey
, which can be one of the following keywords: domain, echo, ftp,
ftp-data, http, smtp, snmp, telnet, tftp, and www. Each of these keywords
translates into its equivalent destination port number.
– When “range” is specified, IP ACL rule matches only if the layer 4
port number falls within the specified portrange. The
startport
and
endport
parameters identify the first and last ports that are part of the
port range. They have values from 0 to 65535. The ending port must
have a value equal or greater than the starting port. The starting port,
ending port, and all ports in between will be part of the layer 4 port
range.
– When “eq” is specified, IP ACL rule matches only if the layer 4 port
number is equal to the specified port number or portkey.
– When “lt” is specified, IP ACL rule matches if the layer 4 destination
port number is less than the specified port number or portkey. It is
equivalent to specifying the range as 0 to <specified port number –
1>.
– When “gt” is specified, IP ACL rule matches if the layer 4 destination
port number is greater than the specified port number or portkey. It is
equivalent to specifying the range as <specified port number + 1> to
65535.
2CSNXXX_SWUM204.book Page 267 Monday, January 25, 2016 1:25 PM