
3 access-list (ip extended), Access, List – PLANET WGSW-50040 User Manual


Commands for Security Function Chapter 6 Commands for TACACS+

21.3 access-list (ip extended)

Command:

access-list {deny | permit} icmp {{ } | any-source | {host-source }} {{ } | any-destination | {host-destination }} [ []] [precedence ] [tos ][time-range]

access-list {deny | permit} igmp {{ } | any-source | {host-source }} {{ } | any-destination | {host-destination }} [<igmp-type>] [precedence ] [tos ][time-range]

access-list {deny | permit} tcp {{ } | any-source | {host-source }} [s-port { <sPort> | range }] {{ } | any-destination | {host-destination <dIpAddr> }} [d-port { | range <dPortMin> }] [ack+ fin+ psh+ rst+ urg+ syn] [precedence ] [tos ][time-range ]

access-list {deny | permit} udp {{ } | any-source | {host-source }} [s-port { > | range > ] {{ <dMask> } | any-destination | {host-destination }} [d-port { > | range > > }] [precedence ] [tos ][time-range ]

access-list {deny | permit} {eigrp | gre | igrp | ipinip | ip | ospf | } {{ } | any-source | {host-source }} {{ } | any-destination | {host-destination }} [precedence ] [tos ][time-range ]

no access-list

Functions:

Create a numeric extended IP access rule that matches a specific IP protocol or all IP protocols; if the numbered extended access-list does not exist yet, it is created.

Parameters:

is the No. of access-list, 100-299;

<protocol> is the number of the upper-layer protocol of IP, 0-255;

is the source IP address, the format is dotted decimal notation;

<sMask> is the reverse mask of the source IP, in dotted decimal notation;

is the destination IP address, the format is dotted decimal notation;

<dMask> is the reverse mask of the destination IP, in dotted decimal notation; bit positions set to 0 are checked, bit positions set to 1 are ignored;

<igmp-type>, the type of igmp, 0-15;

, the type of icmp, 0-255;

, protocol No. of icmp, 0-255;

, IP priority, 0-7;
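
The reverse-mask rule given in the parameters above (0 bits checked, 1 bits ignored), worked through as an added example that is not part of the manual: it matches a packet's source and destination against the three address forms in the syntax and flags a subnet mask typed where a reverse mask belongs. Function names, the rule tuples and all addresses are constructed for illustration.

```python
import ipaddress

def to_int(dotted):
    """Dotted decimal IPv4 string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))

def reverse_mask_match(addr, base, rmask):
    """True when addr equals base on every bit where the reverse mask is 0."""
    care = ~to_int(rmask) & 0xFFFFFFFF  # 0 bits are compared, 1 bits ignored
    return (to_int(addr) & care) == (to_int(base) & care)

def looks_like_subnet_mask(rmask):
    """Flag masks such as 255.255.255.0 that were likely typed as a subnet mask."""
    m = to_int(rmask)
    inv = ~m & 0xFFFFFFFF
    return m not in (0, 0xFFFFFFFF) and (inv & (inv + 1)) == 0

def spec_match(addr, spec):
    """spec models the three address forms in the syntax (hypothetical tuples):
    ("any",), ("host", ip) or ("net", ip, reverse_mask)."""
    if spec[0] == "any":
        return True
    if spec[0] == "host":
        return to_int(addr) == to_int(spec[1])
    return reverse_mask_match(addr, spec[1], spec[2])

def rule_matches(rule, src, dst):
    """A rule matches only if both the source and destination specs match."""
    return spec_match(src, rule["src"]) and spec_match(dst, rule["dst"])

# Constructed sample rules: the intended one, and the same rule with a
# subnet mask typed where the reverse mask belongs.
INTENDED = {"action": "deny", "src": ("net", "192.168.1.0", "0.0.0.255"),
            "dst": ("host", "10.0.0.5")}
SWAPPED = {"action": "deny", "src": ("net", "192.168.1.0", "255.255.255.0"),
           "dst": ("host", "10.0.0.5")}

if __name__ == "__main__":
    for name, rule in (("intended", INTENDED), ("swapped", SWAPPED)):
        for src in ("192.168.1.77", "172.16.5.0"):
            print(name, src, rule_matches(rule, src, "10.0.0.5"),
                  "suspect mask" if looks_like_subnet_mask(rule["src"][2]) else "")
```

With the swapped mask only the last octet is compared, so the rule misses 192.168.1.77 and instead matches any source whose last octet is 0.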