PLANET XGS3-24042 User Manual


}|{ }}udp {{ }|any-source|

{host-source }}[s-port{ | range }]

{{ > > }|any-destination| {host-destination

}}[d-port{ | range }]

[precedence ] [tos ][time-range ]

access-list {deny|permit}{any-source-mac| {host-source-mac

}|{ <smac> }} {any-destination-mac|{host-destination-mac

}|{ }} {eigrp|gre|igrp|ip|ipinip|ospf|{ }}

{{ }|any-source|{host-source }}

{{ }|any-destination| {host-destination

}} [precedence > ] [tos > ][time-range

]

Functions:

Define an extended numeric MAC-IP ACL rule; the no form of the command deletes an extended numeric MAC-IP ACL access-list rule.
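How a rule built from the fields documented on this page would be evaluated against a packet, as an added example that is not taken from the PLANET manual or firmware. It assumes the usual reverse-mask convention (a 1 bit means the bit is ignored) and first-match rule ordering; the dict keys, function names and sample rules are hypothetical.

```python
import ipaddress
ACL_NUMS = range(3100, 3300)  # numeric MAC-IP ACL numbers stated in the manual
ANY_MAC = (1 << 48) - 1       # reverse mask that ignores every MAC bit

def mac(text):
    """Parse a MAC such as 00-11-22-aa-bb-cc into a 48-bit integer."""
    digits = text.replace("-", "").replace(":", "")
    if len(digits) != 12:
        raise ValueError(f"bad MAC address: {text!r}")
    return int(digits, 16)

def ip(text):
    return int(ipaddress.IPv4Address(text))

def wild_eq(value, base, reverse_mask):
    """Assumed semantics: a 1 bit in the reverse mask is a don't-care bit."""
    return (value | reverse_mask) == (base | reverse_mask)

def rule_matches(rule, pkt):
    """Check one packet against one rule (both are hypothetical dicts)."""
    if rule["num"] not in ACL_NUMS:
        raise ValueError("MAC-IP ACL number must be 3100-3299")
    port_ok = True
    if "d_port" in rule:                      # optional destination port range
        lo, hi = rule["d_port"]
        if not 0 <= lo <= hi <= 65535:
            raise ValueError("ports must be 0-65535")
        port_ok = lo <= pkt.get("dport", -1) <= hi
    return (wild_eq(mac(pkt["smac"]), mac(rule["smac"]), rule["smac_mask"])
            and wild_eq(mac(pkt["dmac"]), mac(rule["dmac"]), rule["dmac_mask"])
            and rule["proto"] in ("ip", pkt["proto"])  # 'ip' matches all protocols
            and wild_eq(ip(pkt["sip"]), ip(rule["sip"]), ip(rule["s_wild"]))
            and wild_eq(ip(pkt["dip"]), ip(rule["dip"]), ip(rule["d_wild"]))
            and port_ok)

def first_action(rules, pkt):
    """Action of the first matching rule (ordering is an assumption), else None."""
    return next((r["action"] for r in rules if rule_matches(r, pkt)), None)

# Constructed sample rules: permit HTTPS from one subnet and MAC prefix, then deny all.
RULES = [
    dict(num=3100, action="permit", proto="tcp", d_port=(443, 443),
         smac="00-11-22-00-00-00", smac_mask=0xFFFFFF, dmac="00-00-00-00-00-00",
         dmac_mask=ANY_MAC, sip="192.168.10.0", s_wild="0.0.0.255",
         dip="10.0.0.5", d_wild="0.0.0.0"),
    dict(num=3100, action="deny", proto="ip", smac="00-00-00-00-00-00",
         smac_mask=ANY_MAC, dmac="00-00-00-00-00-00", dmac_mask=ANY_MAC,
         sip="0.0.0.0", s_wild="255.255.255.255", dip="0.0.0.0", d_wild="255.255.255.255"),
]
```

Calling `first_action(RULES, pkt)` with a packet dict (keys `smac`, `dmac`, `proto`, `sip`, `dip`, `dport`) shows which rule a given frame would hit before the ACL is applied to a port.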

Parameters:

num: access-list serial number, a decimal number from 3100-3299.
deny: if the rule matches, access is denied.
permit: if the rule matches, access is permitted.
any-source-mac: any source MAC address.
any-destination-mac: any destination MAC address.
host_smac, smac: source MAC address.
smac-mask: mask (reverse mask) of the source MAC address.
host_dmac, dmac: destination MAC address.
dmac-mask: mask (reverse mask) of the destination MAC address.
protocol: name or number of an IP protocol. It can be a keyword (eigrp, gre, icmp, igmp, igrp, ip, ipinip, ospf, tcp, or udp) or an integer from 0-255 giving the IP protocol number. Use the keyword 'ip' to match all Internet protocols (including ICMP, TCP, and UDP).
source-host-ip, source: number of the source network or source host from which the packet is sent, a 32-bit binary number in dotted decimal notation.
host: the address is the IP address of the source host; otherwise it is the IP address of the network.
source-wildcard: reverse mask of the source IP, a 32-bit binary number expressed as four dot-separated decimal numbers.
destination-host-ip, destination: number of the destination network or host to which packets are delivered, a 32-bit binary number in dotted decimal notation.
host: the address is the destination host address; otherwise it is the network IP address.
destination-wildcard: mask of the destination, a 32-bit binary number expressed as four dot-separated decimal numbers, reverse mask.
s-port (optional): the TCP/UDP source port must be matched.
port1 (optional): value of the TCP/UDP source port number; the port number is an integer from 0-65535.
d-port (optional): the TCP/UDP destination port must be matched.
<sPortMin>: the lower boundary of the source port; , the upper boundary of the source port.
port3 (optional): value of the TCP/UDP destination port number; the port number is an integer from 0-65535; , the lower boundary of the destination port; , the upper boundary of the destination port.
[ack] [fin] [psh] [rst] [urg]