271
EES4710BD 10 Slots L2/L3/L4 Chassis Switch
ip access-group <name> {in|out }
no ip access-group <name> {in|out}
Applies an access list to the specified direction on
the port; the “no ip access-group <name>
{in|out}” command deletes the access list bound
to the port.
12.2.2 ACL Configuration Commands 12.2.2.1 access-list(extended)
Command: access-list <num> {deny | permit} icmp {{<sIpAddr> <sMask>} | any-source |
{host-source <sIpAddr>}} {{<dIpAddr> <dMask>} | any-destination | {host-destination
<dIpAddr>}} [<icmp-type> [<icmp-code>]] [precedence <prec>] [tos <tos>]
access-list <num> {deny | permit} igmp {{<sIpAddr> <sMask>} | any-source |
{host-source <sIpAddr>}} {{<dIpAddr> <dMask>} | any-destination | {host-destination
<dIpAddr>}} [<igmp-type>] [precedence <prec>] [tos <tos>]
access-list <num> {deny | permit} tcp {{<sIpAddr> <sMask>} | any-source | {host-source
<sIpAddr>}} [s-port <sPort>] {{<dIpAddr> <dMask>} | any-destination | {host-destination
<dIpAddr>}} [d-port <dPort>] [ack | fin | psh | rst | syn | urg] [precedence <prec>] [tos <tos>]
access-list <num> {deny | permit} udp {{<sIpAddr> <sMask>} | any-source |
{host-source <sIpAddr>}} [s-port <sPort>] {{<dIpAddr> <dMask>} | any-destination |
{host-destination <dIpAddr>}} [d-port <dPort>] [precedence <prec>] [tos <tos>]
access-list <num> {deny | permit} {eigrp | gre | igrp | ipinip | ip | <int>} {{<sIpAddr>
<sMask>} | any-source | {host-source <sIpAddr>}} {{<dIpAddr> <dMask>} | any-destination |
{host-destination <dIpAddr>}} [precedence <prec>] [tos <tos>]
no access-list <num>
Function: Creates a numbered extended IP access rule for specific IP protocol or all IP protocols; if
the numbered extended access list of specified number does not exist, then an access list will be
created using this number. The “no” form command deletes a numbered extended IP access list.
Parameters: <num> is the access table number from 100 to 199; <sIpAddr> is the source IP
address in decimal format; <sMask > is the mask complement of the source IP in decimal format;
<dIpAddr> is the destination IP address in decimal format; <dMask> is the mask complement of the
destination IP in decimal format, 0 for significant bit and 1 for ignored bit; <igmp-type> is the
IGMP type; <icmp-type> is the ICMP type; <icmp-code> is the ICMP protocol number; <prec> is
the IP priority from 0 – 7; <tos> is the tos value from 0 -15; <sPort> is the source port number from
0 – 65535; <dPort> is the destination port number from 0 – 65535.
Command mode: Global Mode