CANOGA PERKINS CanogaOS Command Reference User Manual
CanogaOS Command Line Reference
Revision 1.02
Proprietary & Confidential Canoga Perkins Metro Ethernet Switches
Page 678 of 855
[<1-2147483646>] permit { <0-255> | any } { source source-mask | any | host source }
{ destination destination-mask | any | host destination } [ ip-precedence precedence | dscp dscp ]
[ fragments ] [ routed-packet ] [ options ] [ time-range time-range-name ] [ stats ]
<1-2147483646>: the sequence number of the filter in the IP ACL. An auto-generated sequence number
is assigned to the filter if this field is not present
<0-255>: an IP protocol number
any: any IP protocol
source source-mask: the source IP address and its wildcard bits
any: any source host
host source: the source IP address of a host
destination destination-mask: the destination IP address and its wildcard bits
ip-precedence precedence: match packets with given precedence value
dscp dscp: match packets with given DSCP value
fragments: check non-initial fragments
routed-packet: match routed packet
options: match packets with IP options
time-range time-range-name: the time range used by the IP filter
stats: the statistics function is enabled if this field is present
Command Mode
IP ACL configuration
Usage
If wildcard bits are provided, the IP address is bitwise ANDed with the inverse of the wildcard
bits, so only the bit positions where the wildcard is 0 are compared. For example,
10.10.10.0 0.0.0.255 means the addresses from 10.10.10.0 to 10.10.10.255 are matched.
An auto-generated sequence number is assigned to the filter if the sequence-num field is not
present. The auto-generated sequence number is the maximum existing sequence number in the
IP ACL plus 10. For example, when the maximum existing sequence number is 100, the sequence
number of the next IP filter created is 110.
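The following Python sketch is an added illustration, not CanogaOS code or part of the manual. It models the wildcard comparison and the plus-10 sequence rule described above so a filter can be checked offline before it is entered. The function names are hypothetical, and the behaviour for an empty ACL is not stated on this page, so that case is rejected rather than guessed.

```python
import ipaddress

MASK32 = 0xFFFFFFFF


def _to_int(dotted: str) -> int:
    """Convert a dotted-quad IPv4 string to a 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """True if addr matches base under wildcard bits (1 = ignore this bit)."""
    care = ~_to_int(wildcard) & MASK32  # inverse of the wildcard bits
    return (_to_int(addr) & care) == (_to_int(base) & care)


def matched_count(wildcard: str) -> int:
    """How many addresses a single base/wildcard pair matches."""
    return 1 << bin(_to_int(wildcard)).count("1")


def next_sequence(existing):
    """Auto-generated number: maximum existing sequence number plus 10."""
    if not existing:
        # Assumption: the page does not say what an empty ACL starts at.
        raise ValueError("first auto-generated number is not documented here")
    return max(existing) + 10


if __name__ == "__main__":
    # The manual's example: 10.10.10.0 0.0.0.255
    print(wildcard_match("10.10.10.200", "10.10.10.0", "0.0.0.255"))  # in range
    print(wildcard_match("10.10.11.1", "10.10.10.0", "0.0.0.255"))    # outside
    # A subnet mask typed where wildcard bits are expected inverts the intent:
    # only the last octet is compared, so unrelated networks match.
    print(wildcard_match("192.0.2.0", "10.10.10.0", "255.255.255.0"))
    print(matched_count("0.0.0.255"), matched_count("255.255.255.0"))
    print(next_sequence([10, 20, 100]))
```

Running a planned permit entry through a check like this before applying it catches a subnet mask entered in place of wildcard bits, which silently widens the filter from 256 addresses to 16,777,216.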
Examples
This example shows how to create a filter in an IP ACL to permit any IP packets.
Switch(config-ip-acl)# 10 permit any any any
This example shows how to create a filter in an IP ACL to permit fragment packets with the source IP
address 1.1.1.1 and any destination IP address.
Switch(config-ip-acl)# 20 permit tcp host 1.1.1.1 any fragments
This example shows how to create a filter in an IP ACL to permit any routed packets.
Switch(config-ip-acl)# 30 permit any any any routed-packet
Related Commands
permit tcp
permit udp
permit icmp