8 permit | deny(extended) – Accton Technology ES4710BD User Manual
Page 275
274
E
ES4710BD 10 Slots L2/L3/L4 Chassis Switch
Command: ip access-group [<num>|
no ip access-group
Function: Applies an access list to the incoming direction on the port; the “no ip access-group
Parameter:
Command mode: Physical Interface Mode
Default: No ACL is bound by default.
Usage Guide: Only one access rule can be bound to a port, application of an access list on the
outgoing direction is not supported yet.
Example: Binding access list “aaa” to the incoming direction of the port.
Switch(Config-Ethernet1/1)#ip access-group aaa in
12.2.2.8 permit | deny(extended)
Command: [no] {deny | permit} icmp {{
[
[no] {deny | permit} igmp {{
{{
[precedence
[no] {deny | permit} tcp {{
[s-port
[d-port
[no] {deny | permit} udp {{
[s-port
[d-port
[no] {deny | permit} {eigrp | gre | igrp | ipinip | ip |
any-source | {host-source
{host-destination
Function: Creates or deletes a name-based extended IP access rule for a specified IP protocol or all
IP protocols.
Parameters:
complement of the source IP in decimal format;
address in decimal format; <dMask> is the mask complement of the destination IP in
decimal format, 0 for significant bit and 1 for ignored bit; <igmp-type> is the IGMP
type from 0 to 255;
ICMP protocol number from 0 to 255;
tos value from 0 -15;
destination port number from 0 – 65535.
Command Mode: named-based extended IP ACL configuration mode
Default: No IP address is configured by default.
Example: Creating an extensive IP access list named “udpFlow”, denying IGMP packets and
allowing UDP packets destined for 192.168.0.1, port 32.