EES4710BD 10 Slots L2/L3/L4 Chassis Switch
Command:
[no] {deny | permit} tcp {{<sIpAddr> <sMask>} | any-source | {host-source <sIpAddr>}} [s-port <sPort>] {{<dIpAddr> <dMask>} | any-destination | {host-destination <dIpAddr>}} [d-port <dPort>] [ack | fin | psh | rst | syn | urg] [precedence <prec>] [tos <tos>]
Explanation: Creates an extended name-based TCP IP access rule; the “no” form of the command deletes this name-based extended IP access rule.

Command:
[no] {deny | permit} udp {{<sIpAddr> <sMask>} | any-source | {host-source <sIpAddr>}} [s-port <sPort>] {{<dIpAddr> <dMask>} | any-destination | {host-destination <dIpAddr>}} [d-port <dPort>] [precedence <prec>] [tos <tos>]
Explanation: Creates an extended name-based UDP IP access rule; the “no” form of the command deletes this name-based extended IP access rule.

Command:
[no] {deny | permit} {eigrp | gre | igrp | ipinip | ip | <int>} {{<sIpAddr> <sMask>} | any-source | {host-source <sIpAddr>}} {{<dIpAddr> <dMask>} | any-destination | {host-destination <dIpAddr>}} [precedence <prec>] [tos <tos>]
Explanation: Creates an extended name-based IP access rule for other IP protocols; the “no” form of the command deletes this name-based extended IP access rule.

c. Exit extended IP ACL configuration mode
Mode: Extended IP ACL Mode
Command: Exit
Explanation: Exits extended name-based IP ACL configuration mode.
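
The three rule forms above differ in which optional keywords they accept: the port keywords appear only in the tcp and udp forms, and the flag keywords only in the tcp form. The following Python checker is an added example, not part of the switch documentation or firmware; it validates a rule line against that syntax before the line is entered on the switch. `parse_rule` and its helpers are hypothetical names, and the 0-65535 port bound is an assumption taken from TCP/UDP, not from this page.

```python
from ipaddress import IPv4Address  # raises ValueError on a malformed address

TCP_FLAGS = {"ack", "fin", "psh", "rst", "syn", "urg"}  # keywords as listed on this page
PROTOS = {"tcp", "udp", "eigrp", "gre", "igrp", "ipinip", "ip"}

def _addr(toks, side):
    """Consume any-<side> | host-<side> <ip> | <ip> <mask>."""
    head = toks.pop(0)
    if head == f"any-{side}":
        return ("any",)
    if head == f"host-{side}":
        return ("host", str(IPv4Address(toks.pop(0))))
    return ("net", str(IPv4Address(head)), str(IPv4Address(toks.pop(0))))

def _opt(toks, keyword, rule, hi=None, allowed=True):
    """Consume an optional '<keyword> <int>' pair; hi is the upper bound if known."""
    if allowed and toks and toks[0] == keyword:
        toks.pop(0)
        value = int(toks.pop(0))
        if value < 0 or (hi is not None and value > hi):
            raise ValueError(f"{keyword} value {value} out of range")
        rule[keyword] = value

def parse_rule(line):
    """Parse one rule line into a dict, or raise ValueError naming the problem."""
    toks, rule = line.split(), {}
    try:
        rule["negate"] = toks[0] == "no"
        if rule["negate"]:
            toks.pop(0)
        rule["action"], proto = toks.pop(0), toks.pop(0)
        if rule["action"] not in ("deny", "permit"):
            raise ValueError(f"action must be deny or permit, got {rule['action']!r}")
        if proto not in PROTOS and not proto.isdigit():
            raise ValueError(f"unknown protocol {proto!r}")
        rule["proto"], has_ports = proto, proto in ("tcp", "udp")
        rule["src"] = _addr(toks, "source")
        _opt(toks, "s-port", rule, 65535, has_ports)  # ports: tcp/udp forms only
        rule["dst"] = _addr(toks, "destination")
        _opt(toks, "d-port", rule, 65535, has_ports)
        if proto == "tcp" and toks and toks[0] in TCP_FLAGS:
            rule["flag"] = toks.pop(0)                # flags: tcp form only
        _opt(toks, "precedence", rule)  # value ranges are not given on this page
        _opt(toks, "tos", rule)
    except IndexError:
        raise ValueError("rule ends before a required token") from None
    if toks:
        raise ValueError(f"unexpected token {toks[0]!r}")
    return rule
```

For instance, the constructed line `deny udp any-source any-destination d-port 53 syn` is rejected at `syn`, because the udp form has no flag keyword.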
2. Configuring packet filtering function
(1) Enable global packet filtering function
Mode: Global Mode
Command: Firewall enable
Explanation: Enables global packet filtering function.
Command: Firewall disable
Explanation: Disables global packet filtering function.
(2) Configure default action.
Mode: Global Mode
Command: Firewall default permit
Explanation: Sets default action to “permit”.
Command: Firewall default deny
Explanation: Sets default action to “deny”.
3. Bind access-list to a specific direction of the specified port.
Command Explanation
Physical Interface Mode