mac

ManualsBrandsip ManualsNetworkingipv6

411

412

413

414

415

416

417

418

419

420

Commands for ACL

412

notation, attentive position o, ignored position1;<igmp-type>,the type of igmp, 0-15;

<icmp-type>, the type of icmp, 0-255;<icmp-code>, protocol No. of icmp, 0-255;<prec>,

IP priority, 0-7; <tos>, to value, 0-15; <sPort>, source port No., 0-65535; <sPortMin>,

the down boundary of source port; <sPortMax>, the up boundary of source port;

<dPortMin>, the down boundary of destination port; <dPortMax>, the up boundary of

destination port; <dPort>, destination port No., 0-65535; <time-range-name>, the name

of time-range.

Command Mode: Global mode

Default: No access-lists configured.

Usage Guide: When the user assign specific <num> for the first time, ACL of the serial

number is created, then the lists are added into this ACL; the access list which marked

200-299 can configure not continual reverse mask of IP address.

<igmp-type> represent the type of IGMP packet, and usual values please refer to the

following description:

17(0x11): IGMP QUERY packet

18(0x12): IGMP V1 REPORT packet

22(0x16): IGMP V2 REPORT packet

23(0x17): IGMP V2 LEAVE packet

34(0x22): IGMP V3 REPORT packet

19(0x13): DVMR packet

20(0x14): PIM V1 packet

Particular notice: The packet types included here are not the types excluding IP

OPTION. Normally, IGMP packet contains OPTION fields, and such configuration is of

no use for this type of packet. If you want to configure the packets containing OPTION,

please directly use the manner where OFFSET is configured.

Examples: Create the numeric extended access-list whose serial No. is 110. deny icmp

packet to pass, and permit udp packet with destination address 192. 168. 0. 1 and

destination port 32 to pass.

Switch(config)#access-list 110 deny icmp any any-destination

Switch(config)#access-list 110 permit udp any host-destination 192.168.0.1 d-port 32

36.5 access-list (ip standard)

Command: access-list <num> {deny | permit} {{<sIpAddr> <sMask >} | any-source|

{host-source <sIpAddr>}}

no access-list <num>

Functions: Create a numeric standard IP access-list. If this access-list exists, then add

a rule list; the “no access-list <num>“ operation of this command is to delete a numeric