Kontron AT8902 Full Size CLI User Manual

AT8901/2/3 CLI Reference Manual
IP Extended ACL:
Format
access-list <100-199> {deny | permit} {every | {{icmp |
igmp | ip | tcp | udp |
{
<0-65535>}] [precedence
| dscp
redirect} <
Mode
Global Config
Table 2. ACL Command Parameters
Parameter
Description
<1-99> or <100-199>
Range 1 to 99 is the access list number for an IP standard ACL. Range 100 to 199 is the access list number for an IP extended ACL.
{deny | permit}
Specifies whether the IP ACL rule permits or denies an action.
Note: For 5630x and 5650x-based systems, assign-queue, redirect, and mirror attributes are configurable for a deny rule, but they have no operational effect.
every
Match every packet
{icmp | igmp | ip | tcp |
udp |
Specifies the protocol to filter for an extended IP ACL rule.
Specifies a source IP address and source netmask for match condition of the IP ACL rule.
[{eq {
<0-65535>}]
Specifies the source layer 4 port match condition for the IP ACL rule. You can use the port number, which ranges from 0-65535, or you specify the , which can be one of the following keywords: domain, echo, ftp, ftpdata, http, smtp, snmp, telnet, tftp, and www. Each of these keywords translates into its equivalent port number, which is used as both the start and end of a port range.
Specifies a destination IP address and netmask for match condition of the IP ACL rule.
[precedence
| tos
dscp
Specifies the TOS for an IP ACL rule depending on a match of precedence or DSCP values using the parameters dscp, precedence, tos/tosmask.
[log]
Specifies that this rule is to be logged.
[assign-queue
Specifies the assign-queue, which is the queue identifier to which packets matching this rule are assigned.
[{mirror | redirect}
For Broadcom 5650x platforms, specifies the mirror or redirect interface which is the slot/port to which packets matching this rule are copied or forwarded, respectively. The mirror and redirect parameters are not available on the Broadcom 5630x platform.
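
Added example, not part of the Kontron manual: a small configuration audit that scans access-list lines for the two behaviours Table 2 describes, namely port keywords expanding to a single-port range and assign-queue, mirror and redirect being accepted but inert on a deny rule. The function names, the keyword-to-port numbers (IANA well-known ports) and the address, mask and slot/port operands in the constructed sample rule are assumptions, since this page does not show them.

```python
# Keywords are those listed in Table 2; the port numbers are the IANA
# well-known ports (an assumption: the manual page does not print them).
PORT_KEYWORDS = {
    "domain": 53, "echo": 7, "ftp": 21, "ftpdata": 20, "http": 80,
    "smtp": 25, "snmp": 161, "telnet": 23, "tftp": 69, "www": 80,
}
# Attributes Table 2 says are accepted on a deny rule but do nothing
# (5630x and 5650x-based systems).
INERT_ON_DENY = ("assign-queue", "mirror", "redirect")


def resolve_port(token):
    """Return (start, end) for an 'eq' operand: keyword or 0-65535."""
    if token in PORT_KEYWORDS:
        port = PORT_KEYWORDS[token]
    elif token.isdigit() and int(token) <= 65535:
        port = int(token)
    else:
        raise ValueError(f"invalid port operand: {token!r}")
    return (port, port)  # one value serves as both ends of the range


def audit_rule(line):
    """Parse one access-list line (token scan, hypothetical helper)."""
    tok = line.split()
    if len(tok) < 3 or tok[0] != "access-list" or not tok[1].isdigit():
        raise ValueError(f"not an access-list rule: {line!r}")
    num, action = int(tok[1]), tok[2]
    if 1 <= num <= 99:
        kind = "standard"
    elif 100 <= num <= 199:
        kind = "extended"
    else:
        raise ValueError(f"ACL number out of range: {num}")
    if action not in ("permit", "deny"):
        raise ValueError(f"unknown action: {action!r}")
    ports = [resolve_port(tok[i + 1])
             for i, t in enumerate(tok[:-1]) if t == "eq"]
    findings = [f"'{a}' has no operational effect on a deny rule"
                for a in INERT_ON_DENY if action == "deny" and a in tok]
    return {"number": num, "kind": kind, "action": action, "ports": ports,
            "logged": "log" in tok, "findings": findings}


if __name__ == "__main__":
    # Constructed sample rule; address, mask and slot/port operands are assumed.
    rule = ("access-list 101 deny tcp 10.1.1.0 0.0.0.255 eq telnet "
            "10.2.2.0 0.0.0.255 eq 8080 log mirror 0/5")
    print(audit_rule(rule))
```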