ES4710BD 10 Slots L2/L3/L4 Chassis Switch

access list <num> {deny permit} {{<sIpAddr> <sMask>} any-source {host-source <sIpAddr>}}

no access list <num>

Creates a numbered standard IP access list, if the access list already exists, then a rule will add to the current access list; the “no access list <num>” command deletes a numbered standard IP access list.

(2) Configuring a numbered extensive IP access list

 

Command

 

 

 

 

 

 

 

 

 

Explanation

 

 

 

Global Mode

 

 

 

 

 

 

 

 

 

 

 

 

 

access list <num> {deny permit} icmp {{<sIpAddr>

Creates

a

numbered

ICMP

 

extended IP access rule; if the

 

<sMask>}

any-source

{host-source

<sIpAddr>}}

numbered extended access list of

 

{{<dIpAddr>

<dMask>}

 

any-destination

specified number does not exist,

 

{host-destination

<dIpAddr>}}

 

[<icmp-type>

then an access list will be created

 

[<icmp-code>]] [precedence <prec>] [tos <tos>]

 

using this number.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

access list <num> {deny permit} igmp {{<sIpAddr>

Creates

a

numbered

IGMP

 

extended IP access rule; if the

 

<sMask>}

any-source

{host-source

<sIpAddr>}}

numbered extended access list of

 

{{<dIpAddr>

<dMask>}

 

any-destination

specified number does not exist,

 

{host-destination

<dIpAddr>}}

 

[<igmp-type>]

then an access list will be created

 

[precedence <prec>] [tos <tos>]

 

 

 

 

using this number.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

access list <num> {deny permit} tcp {{<sIpAddr>

Creates

a

numbered

TCP

 

<sMask>}

any-source

{host-source

<sIpAddr>}}

extended IP access rule; if the

 

[s-port

<sPort>]

{{<dIpAddr>

<dMask>}

numbered extended access list of

 

any-destination {host-destination <dIpAddr>}} [d-port

specified number does not exist,

 

<dPort>] [ack fin psh rst syn urg] [precedence

then an access list will be created

 

<prec>] [tos <tos>]

 

 

 

 

 

 

 

using this number.

 

 

access list <num> {deny permit} udp {{<sIpAddr>

Creates

a

numbered

UDP

 

extended IP access rule; if the

 

<sMask>}

any-source

{host-source

<sIpAddr>}}

numbered extended access list of

 

[s-port

<sPort>]

{{<dIpAddr>

<dMask>}

specified number does not exist,

 

any-destination {host-destination <dIpAddr>}} [d-port

then an access list will be created

 

<dPort>] [precedence <prec>] [tos <tos>]

 

 

 

using this number.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Creates a numbered IP extended

 

access list <num> {deny permit} {eigrp gre igrp

IP access rule for other specific IP

 

ipinip ip <int>} {{<sIpAddr> <sMask>} any-source

protocol or all IP protocols; if the

 

{host-source<sIpAddr>}} {{<dIpAddr> <dMask>}

numbered extended access list of

 

any-destination {host-destination <dIpAddr>}}

specified number does not exist,

 

[precedence <prec>] [tos <tos>]

 

 

 

 

then an access list will be created

 

 

 

 

 

 

 

 

 

 

 

using this number.

 

 

no access list <num>

 

 

 

 

 

 

 

Deletes a numbered extensive IP

 

 

 

 

 

 

 

 

access list

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

3) Configuring a standard IP access list basing on nomenclature

 

 

 

 

 

 

 

 

 

 

 

 

268

 

 

 

 

 

Page 268 Page 270
Page 269
Image 269
Accton Technology ES4710BD manual SMask, SIpAddr, DIpAddr Icmp-type, SPort DIpAddr DMask, Prec tos tos
Page 268 Page 270
Top Page Image Contents