ES4710BD 10 Slots L2/L3/L4 Chassis Switch

ip access-group <name> {in | out}
no ip access-group <name> {in | out}

Applies an access list to the specified direction on the port; the “no ip access-group <name> {in | out}” command deletes the access list bound to the port.

12.2.2 ACL Configuration Commands

12.2.2.1 access-list (extended)

Command: access-list <num> {deny | permit} icmp {{<sIpAddr> <sMask>} | any-source | {host-source <sIpAddr>}} {{<dIpAddr> <dMask>} | any-destination | {host-destination <dIpAddr>}} [<icmp-type> [<icmp-code>]] [precedence <prec>] [tos <tos>]

access-list <num> {deny | permit} igmp {{<sIpAddr> <sMask>} | any-source | {host-source <sIpAddr>}} {{<dIpAddr> <dMask>} | any-destination | {host-destination <dIpAddr>}} [<igmp-type>] [precedence <prec>] [tos <tos>]

access-list <num> {deny | permit} tcp {{<sIpAddr> <sMask>} | any-source | {host-source <sIpAddr>}} [s-port <sPort>] {{<dIpAddr> <dMask>} | any-destination | {host-destination <dIpAddr>}} [d-port <dPort>] [ack | fin | psh | rst | syn | urg] [precedence <prec>] [tos <tos>]

access-list <num> {deny | permit} udp {{<sIpAddr> <sMask>} | any-source | {host-source <sIpAddr>}} [s-port <sPort>] {{<dIpAddr> <dMask>} | any-destination | {host-destination <dIpAddr>}} [d-port <dPort>] [precedence <prec>] [tos <tos>]

access-list <num> {deny | permit} {eigrp | gre | igrp | ipinip | ip | <int>} {{<sIpAddr> <sMask>} | any-source | {host-source <sIpAddr>}} {{<dIpAddr> <dMask>} | any-destination | {host-destination <dIpAddr>}} [precedence <prec>] [tos <tos>]

no access-list <num>

Function: Creates a numbered extended IP access rule for a specific IP protocol or for all IP protocols; if the numbered extended access list with the specified number does not exist, an access list is created using this number. The “no” form of the command deletes a numbered extended IP access list.

Parameters: <num> is the access table number, from 100 to 199; <sIpAddr> is the source IP address in decimal format; <sMask> is the mask complement of the source IP in decimal format; <dIpAddr> is the destination IP address in decimal format; <dMask> is the mask complement of the destination IP in decimal format, with 0 for a significant bit and 1 for an ignored bit; <igmp-type> is the IGMP type; <icmp-type> is the ICMP type; <icmp-code> is the ICMP protocol number; <prec> is the IP priority, from 0 – 7; <tos> is the tos value, from 0 – 15; <sPort> is the source port number, from 0 – 65535; <dPort> is the destination port number, from 0 – 65535.

Command mode: Global Mode
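
Added example (not from the manual): a Python helper that builds a TCP rule line in the syntax above from CIDR prefixes and models the mask-complement match described under Parameters, so a rule can be checked before it is entered. The function names and the sample addresses are constructed for illustration, and the matching function follows the stated bit semantics, not the switch firmware.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """True when addr equals base on every bit where the mask complement is 0."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return ((a ^ b) & ~w & 0xFFFFFFFF) == 0

def _endpoint(cidr, side):
    """Render one address field; side is 'source' or 'destination'."""
    net = ipaddress.IPv4Network(cidr, strict=True)  # rejects host bits set in the prefix
    if net.prefixlen == 0:
        return f"any-{side}"
    if net.prefixlen == 32:
        return f"host-{side} {net.network_address}"
    # hostmask is the mask complement: /24 -> 0.0.0.255
    return f"{net.network_address} {net.hostmask}"

def tcp_rule(num, action, src, dst, d_port=None):
    """Build one extended TCP rule line, enforcing the ranges given under Parameters."""
    if not 100 <= num <= 199:
        raise ValueError("extended access list number must be 100-199")
    if action not in ("deny", "permit"):
        raise ValueError("action must be 'deny' or 'permit'")
    parts = [f"access-list {num} {action} tcp",
             _endpoint(src, "source"), _endpoint(dst, "destination")]
    if d_port is not None:
        if not 0 <= d_port <= 65535:
            raise ValueError("destination port must be 0-65535")
        parts.append(f"d-port {d_port}")
    return " ".join(parts)

if __name__ == "__main__":
    # Constructed sample: block Telnet from one /24 to anywhere.
    print(tcp_rule(110, "deny", "10.1.2.0/24", "0.0.0.0/0", 23))
    # Correct complement 0.0.0.255: every host in 10.1.2.0/24 matches.
    print(wildcard_match("10.1.2.77", "10.1.2.0", "0.0.0.255"))
    # Common mistake: typing the subnet mask 255.255.255.0 as <sMask>.
    # The first three octets are now ignored and the last must equal 0,
    # so the intended host is missed and an unrelated address matches.
    print(wildcard_match("10.1.2.77", "10.1.2.0", "255.255.255.0"))
    print(wildcard_match("192.168.9.0", "10.1.2.0", "255.255.255.0"))
```
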
