Commands for ACL
36.3 access-list deny-preemption
This command is not supported by the switch.
36.4 access-list (ip extended)
Command: access-list <num> {deny | permit} icmp {{<sIpAddr> <sMask>} |
any-source | {host-source <sIpAddr>}} {{<dIpAddr> <dMask>} | any-destination |
{host-destination <dIpAddr>}} [<icmp-type> [<icmp-code>]] [precedence <prec>]
[tos <tos>] [time-range <time-range-name>]
access-list <num> {deny | permit} igmp {{<sIpAddr> <sMask>} | any-source |
{host-source <sIpAddr>}} {{<dIpAddr> <dMask>} | any-destination |
{host-destination <dIpAddr>}} [<igmp-type>] [precedence <prec>] [tos <tos>]
[time-range <time-range-name>]
access-list <num> {deny | permit} tcp {{<sIpAddr> <sMask>} | any-source |
{host-source <sIpAddr>}} [s-port {<sPort> | range <sPortMin> <sPortMax>}]
{{<dIpAddr> <dMask>} | any-destination | {host-destination <dIpAddr>}} [d-port
{<dPort> | range <dPortMin> <dPortMax>}] [ack+ fin+ psh+ rst+ urg+ syn]
[precedence <prec>] [tos <tos>] [time-range <time-range-name>]
access-list <num> {deny | permit} udp {{<sIpAddr> <sMask>} | any-source |
{host-source <sIpAddr>}} [s-port {<sPort> | range <sPortMin> <sPortMax>}]
{{<dIpAddr> <dMask>} | any-destination | {host-destination <dIpAddr>}} [d-port
{<dPort> | range <dPortMin> <dPortMax>}] [precedence <prec>] [tos <tos>]
[time-range <time-range-name>]
access-list <num> {deny | permit} {eigrp | gre | igrp | ipinip | ip | ospf |
<protocol-num>} {{<sIpAddr> <sMask>} | any-source | {host-source <sIpAddr>}}
{{<dIpAddr> <dMask>} | any-destination | {host-destination <dIpAddr>}}
[precedence <prec>] [tos <tos>] [time-range <time-range-name>]
no access-list <num>
Functions: Create a numeric extended IP access rule that matches a specific IP protocol
or all IP protocols; if the numeric extended access-list with this number does not yet
exist, it is created.
Parameters: <num> is the number of the access-list, 100-299; <protocol-num> is the
number of the upper-layer protocol of IP, 0-255; <sIpAddr> is the source IP address, the
format is dotted decimal notation; <sMask> is the reverse mask of the source IP, the
format is dotted decimal notation; <dIpAddr> is the destination IP address, the format is
dotted decimal notation; <dMask> is the reverse mask of the destination IP, the format is
dotted decimal
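The following Python sketch is an added example, not part of the manual or the switch software. It parses the `ip` form of the command above and shows which packets a rule covers, including what happens when a subnet mask is typed where the reverse mask belongs. It assumes the usual reverse-mask convention (0 bits are compared, 1 bits are ignored) and that `any-...` and `host-...` behave like masks 255.255.255.255 and 0.0.0.0; the function names and sample rules are constructed for illustration.

```python
import ipaddress

def _ip(text):
    """Dotted decimal -> 32-bit integer (raises ValueError on bad input)."""
    return int(ipaddress.IPv4Address(text))

def parse_addr_clause(tokens, side):
    """Consume one source or destination clause from the front of tokens.

    side is "source" or "destination"; returns (addr, reverse_mask) as ints.
    """
    head = tokens.pop(0)
    if head == f"any-{side}":
        return 0, 0xFFFFFFFF           # assumption: every bit ignored
    if head == f"host-{side}":
        return _ip(tokens.pop(0)), 0   # assumption: every bit compared
    return _ip(head), _ip(tokens.pop(0))

def clause_matches(clause, packet_ip):
    """Assumed semantics: 0 bits in the reverse mask are compared, 1 bits ignored."""
    addr, rmask = clause
    care = ~rmask & 0xFFFFFFFF
    return (_ip(packet_ip) & care) == (addr & care)

def parse_rule(line):
    """Parse: access-list <num> {deny | permit} ip <source clause> <destination clause>."""
    tokens = line.split()
    if tokens[:1] != ["access-list"]:
        raise ValueError("not an access-list command")
    num, action, proto = int(tokens[1]), tokens[2], tokens[3]
    if not 100 <= num <= 299:
        raise ValueError("extended IP access-list number must be 100-299")
    if action not in ("deny", "permit") or proto != "ip":
        raise ValueError("only the deny/permit ip form is handled here")
    rest = tokens[4:]
    src = parse_addr_clause(rest, "source")
    dst = parse_addr_clause(rest, "destination")
    return {"num": num, "action": action, "src": src, "dst": dst, "options": rest}

def rule_matches(rule, src_ip, dst_ip):
    """True when both the source and the destination clause cover the packet."""
    return clause_matches(rule["src"], src_ip) and clause_matches(rule["dst"], dst_ip)

# Constructed sample rules (not from the manual).
MASK_OK = parse_rule("access-list 110 deny ip 10.1.1.0 0.0.0.255 host-destination 192.168.0.5")
# Subnet mask typed in place of the reverse mask: only the last octet is compared.
MASK_WRONG = parse_rule("access-list 110 deny ip 10.1.1.0 255.255.255.0 any-destination")
```

With the subnet mask in the reverse-mask position, the rule no longer covers hosts in 10.1.1.0/24 and instead covers any source whose last octet is 0.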










