Policy commands – Lucent Technologies Cajun Switch P220 User Manual

Cajun P220, P550, P550R Switch Release Notes, Release 4.0.1

35

Policy Commands

Table 1-12 shows new and changed Policy Commands in Release 4.0.1:

Table 1-12: Policy Commands

Old Command

New Command

New Definition/Argument

To Enable:

ip access-group

[default-action-deny]

To Disable:

[no] ip access-group

N/A

There is no default.

To Enable:

ip access-list

{permit|deny|fwd[1-8]}

{

[]

|any|host

addr>}

To Enable:

[ip] access-list

{permit|deny|fwd1-8}

{

ip-addr>

wildcard>|any|host

}

[{lt|eq|gt|range}

[]]

{

wildcard> | any | host

}

[{lt|eq|gt|range}

[]]

[established]

• – name or

number of an IP protocol. It can be
one of the keywords eigrp, gre,
icmp, igmp, igrp, ip, ipinip, nos,
ospf, tcp, or udp, or an integer in
the range 0 to 255 representing an
IP protocol number. To match any
Internet protocol (including ICMP,
TCP, and UDP) use the keyword
ip.

• – number of

the network or host to which the
packet is being sent. Use a 32-bit
quantity in four-part, dotted-
decimal format. Use the keyword
any as an abbreviation for a dest
and dest -wildcard of 0.0.0.0 and
255.255.255.255. Use "host ip-addr>" as an abbreviation for a
destination with dest-wildcard of
0.0.0.0.

To Disable:

[no] ip access-list

[]

To Disable:

N/A

• – wildcard

bits to be applied to the
destination. Use a 32-bit quantity
in four-part, dotted-decimal
format. Place ones in the bit
positions you want to ignore.

• operator – (Optional) Compares

source or destination ports.
Possible operands include: lt = less
than, gt =greater than, eq=equal,
neq =not equal, and range
=inclusive range.

If the operator is positioned after the

source and source-wildcard, it must

match the source port.

If the operator is positioned after the

destination and destination-wildcard,

it must match the destination port.