Permit, deny (extended ipv4 acl), Permit, deny – LevelOne GTL-2691 User Manual

Page 976

CHAPTER 30 | Access Control Lists

IPv4 ACLs

permit, deny (Extended IPv4 ACL)

This command adds a rule to an Extended IPv4 ACL. The rule sets a filter condition for packets with specific source or destination IP addresses, protocol types, source or destination protocol ports, or TCP control codes. Use the no form to remove a rule.

SYNTAX

{permit | deny} [protocol-number | udp]
    {any | source address-bitmask | host source}
    {any | destination address-bitmask | host destination}
    [precedence precedence] [tos tos] [dscp dscp]
    [source-port sport [bitmask]]
    [destination-port dport [port-bitmask]]
    [time-range time-range-name]

no {permit | deny} [protocol-number | udp]
    {any | source address-bitmask | host source}
    {any | destination address-bitmask | host destination}
    [precedence precedence] [tos tos] [dscp dscp]
    [source-port sport [bitmask]]
    [destination-port dport [port-bitmask]]

{permit | deny} tcp
    {any | source address-bitmask | host source}
    {any | destination address-bitmask | host destination}
    [precedence precedence] [tos tos] [dscp dscp]
    [source-port sport [bitmask]]
    [destination-port dport [port-bitmask]]
    [control-flag control-flags flag-bitmask]
    [time-range time-range-name]

no {permit | deny} tcp
    {any | source address-bitmask | host source}
    {any | destination address-bitmask | host destination}
    [precedence precedence] [tos tos] [dscp dscp]
    [source-port sport [bitmask]]
    [destination-port dport [port-bitmask]]
    [control-flag control-flags flag-bitmask]

protocol-number – A specific protocol number. (Range: 0-255)
source – Source IP address.
destination – Destination IP address.
address-bitmask – Decimal number representing the address bits to match.
host – Keyword followed by a specific IP address.
precedence – IP precedence level. (Range: 0-7)
tos – Type of Service level. (Range: 0-15)
dscp – DSCP priority level. (Range: 0-63)

sport – Protocol[18] source port number. (Range: 0-65535)
dport – Protocol[18] destination port number. (Range: 0-65535)

18. Includes TCP, UDP or other protocol types.
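
The sketch below is an added example, not code from the manual or the switch firmware. It parses the action, protocol and the two address specifiers of the syntax above and evaluates a packet against the rule. It assumes that the address-bitmask is written in dotted decimal and that a 1 bit means "compare this address bit"; the function names and sample rules are constructed for illustration.

```python
import ipaddress

PROTO_KEYWORDS = {"tcp": 6, "udp": 17}  # IANA protocol numbers for the two keywords

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def parse_addr_spec(tokens):
    """Consume one {any | addr address-bitmask | host addr} spec -> (addr, mask)."""
    head = tokens.pop(0)
    if head == "any":
        return 0, 0                            # no bits compared
    if head == "host":
        return _ip(tokens.pop(0)), 0xFFFFFFFF  # all 32 bits compared
    return _ip(head), _ip(tokens.pop(0))       # assumption: mask in dotted decimal

def parse_rule(line):
    """Parse action, optional protocol, source and destination; later options are ignored."""
    tokens = line.split()
    action = tokens.pop(0)
    if action not in ("permit", "deny"):
        raise ValueError(f"unknown action: {action}")
    proto = None                               # None = rule does not restrict protocol
    if tokens[0] in PROTO_KEYWORDS:
        proto = PROTO_KEYWORDS[tokens.pop(0)]
    elif tokens[0].isdigit():
        proto = int(tokens.pop(0))
        if not 0 <= proto <= 255:              # range given in the manual
            raise ValueError(f"protocol-number out of range: {proto}")
    return action, proto, parse_addr_spec(tokens), parse_addr_spec(tokens)

def matches(rule, proto, src_ip, dst_ip):
    """True when the packet's protocol and both addresses satisfy the rule."""
    _, rule_proto, (s_addr, s_mask), (d_addr, d_mask) = rule
    if rule_proto is not None and rule_proto != proto:
        return False
    # Assumption: a 1 bit in the bitmask means "compare this address bit".
    return ((_ip(src_ip) & s_mask) == (s_addr & s_mask)
            and (_ip(dst_ip) & d_mask) == (d_addr & d_mask))

if __name__ == "__main__":
    # Constructed rules and packets, not taken from the manual.
    subnet_rule = parse_rule("permit 10.7.1.1 255.255.255.0 any")
    host_rule = parse_rule("deny tcp host 192.168.1.5 any")
    print(matches(subnet_rule, 17, "10.7.1.200", "203.0.113.9"))
    print(matches(host_rule, 6, "192.168.1.6", "203.0.113.9"))
```

Under these assumptions, a rule written with a host address and a 255.255.255.0 bitmask covers the whole /24, which is worth checking when auditing an ACL for rules that are broader than intended.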