Extreme Networks 200 Series User Manual

122

Summit 200 Series Switch Installation and User Guide

Access Policies

create access-mask
{dest-mac}
{source-mac}
{vlan}
{ethertype}
{tos | code-point}
{ipprotocol}
{dest-ip /} {dest-L4port}
{source-ip /}
{source-L4port | {icmp-type} {icmp-code}}
{permit-established}
{egressport}
{ports}
{precedence }

Creates an access mask. The mask specifies
which packet fields to examine. Options include:

•

—Specifies the

access mask name. The access mask name
can be between 1 and 31 characters.

•

dest-mac

—Specifies the destination MAC

address field.

•

source-mac

—Specifies the source MAC

address field.

•

vlan

—Specifies the VLANid field.

•

ethertype

—Specifies the Ethertype field.

•

tos

—Specifies the IP precedence field.

•

code-point

—Specifies the DiffServ code

point field.

•

ipprotocol

—Specifies the IP protocol field.

•

dest-ip

—Specifies the IP destination field

and subnet mask. You must supply the
subnet mask.

•

dest-L4port

—Specifies the destination port

field.

•

source-ip

—Specifies the IP source address

field and subnet mask. You must supply the
subnet mask.

•

source-L4port

—Specifies the source port

field.

•

icmp-type

—Specify the ICMP type field.

•

icmp-code

—Specify the ICMP code field.

•

permit-established

—Specifies the TCP

SYN/ACK bit fields.

•

egressport

—Specify the egress port

•

ports

—Specifies the ingress port(s) on

which this rule is applied.

•

precedence

—Specifies the access mask

precedence number. The range is 1 to
25,600.

Table 32: Access Control List Configuration Commands (continued)

Command

Description