PLANET WGSW-52040 User Manual
Defines an extended name MAC-IP ACL rule; the no form deletes one extended numeric MAC-IP ACL access-list rule.
Parameters:
num: access-list serial number, a decimal number from 3100-3199;
deny: if the rule matches, access is denied;
permit: if the rule matches, access is permitted;
any-source-mac: any source MAC address;
any-destination-mac: any destination MAC address;
host_smac, smac: source MAC address;
smac-mask: mask (reverse mask) of the source MAC address;
host_dmac, dmac: destination MAC address;
dmac-mask: mask (reverse mask) of the destination MAC address;
protocol: name or number of the IP protocol. It can be a keyword: eigrp, gre, icmp, igmp, igrp, ip, ipinip, ospf, tcp, or udp, or an integer from 0-255 giving the IP protocol number. Use the keyword 'ip' to match all Internet protocols (including ICMP, TCP, and UDP);
source-host-ip, source: number of the source network or source host that sends the packet, a 32-bit binary number expressed in dotted decimal notation;
host: means the address is the IP address of the source host, otherwise it is the IP address of a network;
source-wildcard: reverse mask of the source IP, a 32-bit binary number expressed as four dot-separated decimal numbers;
destination-host-ip, destination: number of the destination network or host to which packets are delivered, a 32-bit binary number expressed in dotted decimal notation;
host: means the address is the destination host address, otherwise it is the network IP address;
destination-wildcard: mask of the destination, a 32-bit binary number expressed as four dot-separated decimal numbers, reverse mask;
s-port (optional): means the TCP/UDP source port needs to be matched;
port1 (optional): value of the TCP/UDP source port number, an integer from 0-65535;
<sPortMin>: the lower boundary of the source port;
<sPortMax>: the upper boundary of the source port;
d-port (optional): means the TCP/UDP destination port needs to be matched;
port3 (optional): value of the TCP/UDP destination port number, an integer from 0-65535;
port;
protocol, multi-choices of tag positions are available, and when TCP data reports the configuration of corresponding position, then initialization of TCP data report is enabled to form a match when in connection;
precedence (optional): packets can be filtered by priority, which is a number from 0-7;
tos (optional): packets can be filtered by service type, which is a number from 0-15;
icmp-type (optional): ICMP packets can be filtered by packet type, which is a number from 0-255;
icmp-code (optional): ICMP packets can be filtered by packet code, which is a number from 0-255;
igmp-type (optional): IGMP packets can be filtered by IGMP packet name or packet type, which is a number from 0-255;
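The reverse masks and the source port range above can be checked offline before a rule is entered. The following Python sketch is an added example, not code from the manual or the switch firmware; it covers only the source-side fields, and it assumes the usual reverse-mask convention (1 bits are ignored, 0 bits must match) and first-match rule order. The dictionary keys and sample values are hypothetical.

```python
import ipaddress

def mac_to_int(mac):
    """'00-12-11-23-ab-cd' or '00:12:11:23:ab:cd' -> 48-bit integer."""
    return int(mac.replace("-", "").replace(":", ""), 16)

def ip_to_int(ip):
    """Dotted decimal -> 32-bit integer."""
    return int(ipaddress.IPv4Address(ip))

def wildcard_match(value, base, reverse_mask):
    """Reverse mask: 1 bits are ignored, 0 bits must be equal."""
    return (value ^ base) & ~reverse_mask == 0

def rule_matches(rule, pkt):
    """Check the source-side fields of one rule against one packet."""
    if not wildcard_match(mac_to_int(pkt["smac"]), mac_to_int(rule["smac"]),
                          mac_to_int(rule["smac_mask"])):
        return False
    if not wildcard_match(ip_to_int(pkt["src"]), ip_to_int(rule["source"]),
                          ip_to_int(rule["source_wildcard"])):
        return False
    # Keyword 'ip' matches all Internet protocols (ICMP, TCP, UDP, ...).
    if rule["protocol"] not in ("ip", pkt["protocol"]):
        return False
    if "s_port_range" in rule:  # (sPortMin, sPortMax), inclusive
        lo, hi = rule["s_port_range"]
        return pkt["protocol"] in ("tcp", "udp") and lo <= pkt["sport"] <= hi
    return True

def evaluate(rules, pkt):
    """Assumption: rules are checked in order and the first match decides."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule["action"]
    return None  # no rule matched; the page does not state what happens then

# Constructed sample rules, not taken from the manual.
RULES = [
    {"action": "deny", "smac": "00-12-11-23-00-00", "smac_mask": "00-00-00-00-ff-ff",
     "source": "10.1.1.0", "source_wildcard": "0.0.0.255",
     "protocol": "udp", "s_port_range": (0, 1023)},
    {"action": "permit", "smac": "00-00-00-00-00-00", "smac_mask": "ff-ff-ff-ff-ff-ff",
     "source": "0.0.0.0", "source_wildcard": "255.255.255.255", "protocol": "ip"},
]

def sample_packet(**overrides):
    pkt = {"smac": "00-12-11-23-ab-cd", "src": "10.1.1.77", "protocol": "udp", "sport": 500}
    pkt.update(overrides)
    return pkt
```

A reverse mask that is too wide on the MAC or IP field silently extends a permit or deny rule to hosts it was not meant for, so testing boundary addresses on both sides of the mask is the useful check.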
Command Mode:
Name extended MAC-IP access-list configuration mode
Default:
No access-list configured.
Examples:
Deny the passage of UDP packets with any source MAC address and destination MAC address, any source IP