Permit, deny (extended acl), Permit, deny (extended acl) -120 – SMC Networks SMC TigerStack IV SMC6224M User Manual
Page 368
C
OMMAND
L
INE
I
NTERFACE
4-120
Command Usage
• New rules are appended to the end of the list.
• Address bitmasks are similar to a subnet mask, containing four
integers from 0 to 255, each separated by a period. The binary mask
uses 1 bits to indicate “match” and 0 bits to indicate “ignore.” The
bitmask is bitwise ANDed with the specified source IP address, and
then compared with the address for each IP packet entering the port(s)
to which this ACL has been assigned.
Example
This example configures one permit rule for the specific address 10.1.1.21
and another rule for the address range 168.92.16.x – 168.92.31.x using a
bitmask.
Related Commands
permit, deny (Extended ACL)
This command adds a rule to an Extended IP ACL. The rule sets a filter
condition for packets with specific source or destination IP addresses,
protocol types, source or destination protocol ports, or TCP control codes.
Use the no form to remove a rule.
Syntax
[no] {permit | deny} [protocol-number | udp]
{any | source address-bitmask | host source}
{any | destination address-bitmask | host destination}
[precedence precedence] [tos tos] [dscp dscp]
[source-port sport [end]] [destination-port dport [end]]
[no] {permit | deny} tcp
{any | source address-bitmask | host source}
{any | destination address-bitmask | host destination}
Console(config-std-acl)#permit host 10.1.1.21
Console(config-std-acl)#permit 168.92.16.0 255.255.240.0
Console(config-std-acl)#