38-154
Switch(Config-MacIp-Ext-Nacl-macip_acl)#
38.18 permit | deny (ip extended)
Command:
[no] {deny | permit} icmp {{ } | any-source | {host-source }} {{
} | any-destination | {host-destination }} [ []] [precedence
] [tos ][time-range]
[no] {deny | permit} igmp {{ } | any-source | {host-source }} {{
} | any-destination | {host-destination }} [] [precedence ] [tos
][time-range]
[no] {deny | permit} tcp {{ } | any-source | {host-source }} [s-port { |
range }] {{ } | any-destination | {host-destination <dIpAddr> }}
[d-port { | range <dPortMax> }] [ack+fin+psh+rst+urg+syn] [precedence ] [tos
][time-range ]
[no] {deny | permit} udp {{ } | any-source | {host-source }} [s-port { > |
range > }] {{ } | any-destination | {host-destination }}
[d-port { <dPort> | range <dPortMax> }] [precedence ] [tos
][time-range ]
[no] {deny | permit} {eigrp | gre | igrp | ipinip | ip | ospf | <protocol-num>} {{ } |
any-source | {host-source }} {{ } | any-destination | {host-destination
}} [precedence ] [tos ][time-range]
Functions:
Create a name extended IP access rule to match specific IP protocol or all IP protocol.
Parameters:
is the source IP address, the format is dotted decimal notation; <sMask > is the reverse mask of source
IP, the format is dotted decimal notation; is the destination IP address, the format is dotted decimal
notation; <dMask> is the reverse mask of destination IP, the format is dotted decimal notation, attentive position o,
ignored position 1; <igmp-type>, the type of igmp, 0-15; , the type of icmp, 0-255 ; ,
protocol No. of icmp, 0-255; , IP priority, 0-7; , to value, 0-15; , source port No., 0-65535;
, the down boundary of source port; , the up boundary of source port; , destination
port No. 0-65535; , the down boundary of destination port; , the up boundary of destination
port; , time range name.
Command Mode:
Name extended IP access-list configuration mode
Default:
