23 permit | deny(ipv6 extended) – Accton Technology ES4626 User Manual


source MAC address; host_dmac, dmac: destination MAC address; dmac-mask: mask (reverse mask) of the destination MAC address;

protocol: name or number of the IP protocol. It can be a keyword: eigrp, gre, icmp, igmp, igrp, ip, ipinip, ospf, tcp, or udp, or an integer from 0-255 giving the IP protocol number. Use the keyword ‘ip’ to match all Internet protocols (including ICMP, TCP, and UDP);

source-host-ip, source: number of the source network or source host from which the packet is sent, a 32-bit binary number in dotted decimal notation; host: means the address is the IP address of a source host, otherwise it is the IP address of a network;

source-wildcard: reverse mask of the source IP, a 32-bit binary number expressed as four dot-separated decimal numbers;

destination-host-ip, destination: number of the destination network or host to which packets are delivered, a 32-bit binary number in dotted decimal notation; host: means the address is the destination host address, otherwise it is the network IP address;

destination-wildcard: reverse mask of the destination, a 32-bit binary number expressed as four dot-separated decimal numbers;

s-port (optional): means the TCP/UDP source port needs to be matched; port1 (optional): value of the TCP/UDP source port number, an integer from 0-65535;

d-port (optional): means the TCP/UDP destination port needs to be matched; port3 (optional): value of the TCP/UDP destination port number, an integer from 0-65535;

[ack] [fin] [psh] [rst] [urg] [syn] (optional): only for the TCP protocol; several flags can be selected, and a TCP packet matches when the corresponding flag bits are set in it, which allows the packets that initiate a connection to be matched;

precedence (optional): packets can be filtered by priority, which is a number from 0-7;

tos (optional): packets can be filtered by service type, which is a number from 0-15;

icmp-type (optional): ICMP packets can be filtered by packet type, which is a number from 0-255;

icmp-code (optional): ICMP packets can be filtered by packet code, which is a number from 0-255;

igmp-type (optional): IGMP packets can be filtered by IGMP packet name or packet type, which is a number from 0-255;

name of the time range.

Command Mode:

Name expansion MAC-IP access-list configuration mode

Default:

No access-list configured

Examples:

Deny the passage of UDP packets with any source MAC address and destination MAC address, any source IP address and destination IP address, and source port 100 and destination port 40000.

Switch (Config)# access-list 3100 deny any-source-mac any-destination-mac udp any s-port 100 any-destination d-port 40000
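The example rule above and the reverse-mask parameters, modelled in Python as an added illustration (not code from the manual or the switch firmware). It assumes the usual reverse-mask convention, where 1-bits in the mask are ignored, and first-match rule evaluation; the dictionary keys, the MAC address format, the second rule and the sample packets are constructed for the example.

```python
import ipaddress

def mac_to_int(mac):
    return int(mac.replace("-", "").replace(":", ""), 16)

def masked_equal(value, base, reverse_mask, width):
    # Assumed convention: a 1-bit in the reverse mask means "ignore this bit".
    care = ~reverse_mask & ((1 << width) - 1)
    return (value & care) == (base & care)

def ip_match(addr, spec):
    """spec is "any" or a (base, reverse_mask) pair in dotted decimal."""
    if spec == "any":
        return True
    base, wild = (int(ipaddress.IPv4Address(x)) for x in spec)
    return masked_equal(int(ipaddress.IPv4Address(addr)), base, wild, 32)

def mac_match(mac, spec):
    if spec == "any":
        return True
    base, wild = (mac_to_int(x) for x in spec)
    return masked_equal(mac_to_int(mac), base, wild, 48)

def rule_matches(rule, pkt):
    return (mac_match(pkt["smac"], rule["smac"])
            and mac_match(pkt["dmac"], rule["dmac"])
            and rule["proto"] in ("ip", pkt["proto"])  # 'ip' matches all protocols
            and ip_match(pkt["src"], rule["src"])
            and ip_match(pkt["dst"], rule["dst"])
            and rule.get("s_port") in (None, pkt.get("sport"))
            and rule.get("d_port") in (None, pkt.get("dport")))

def evaluate(rules, pkt):
    """Assumed first-match evaluation; None means no rule matched."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule["action"]
    return None

# The manual's example rule 3100, transcribed into this model.
RULE_3100 = {"action": "deny", "smac": "any", "dmac": "any", "proto": "udp",
             "src": "any", "s_port": 100, "dst": "any", "d_port": 40000}
# Constructed rule: reverse mask 0.0.0.255 ignores the last octet of the source.
RULE_SUBNET = {"action": "permit", "smac": "any", "dmac": "any", "proto": "ip",
               "src": ("10.1.1.0", "0.0.0.255"), "dst": "any"}

def packet(proto, src, sport=None, dport=None):  # constructed sample packet
    return {"smac": "00-11-22-33-44-55", "dmac": "00-aa-bb-cc-dd-ee", "proto": proto,
            "src": src, "dst": "192.0.2.9", "sport": sport, "dport": dport}
```

Running candidate packets through `evaluate([RULE_3100, RULE_SUBNET], packet(...))` before applying a list to a port shows which rule a given flow would hit, and whether a reverse mask covers more addresses than intended.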

18.2.2.23 permit | deny(ipv6 extended)

Command: [no] {deny | permit} icmp {{/sPrefixlen>} | any | {host

}} { | any-destination | {host-destination
