EES4710BD 10 Slots L2/L3/L4 Chassis Switch
Command: ip access-group [<num>|<acl-name> { in|out }
no ip access-group <name> { in|out }
Function: Applies an access list to the incoming direction on the port; the “no ip access-group
<name> {in|out}” command deletes the access list bound to the port.
Parameter: <name> is the name for access list; the character string length is 1 – 8.
Command mode: Physical Interface Mode
Default: No ACL is bound by default.
Usage Guide: Only one access rule can be bound to a port; applying an access list in the
outgoing direction is not supported yet.
Example: Binding access list “aaa” to the incoming direction of the port.
Switch(Config-Ethernet1/1)#ip access-group aaa in
12.2.2.8 permit | deny (extended)
Command: [no] {deny | permit} icmp {{<sIpAddr> <sMask>} | any-source | {host-source
<sIpAddr>}} {{<dIpAddr> <dMask>} | any-destination | {host-destination <dIpAddr>}}
[<icmp-type> [<icmp-code>]] [precedence <prec>] [tos <tos>]
[no] {deny | permit} igmp {{<sIpAddr> <sMask>} | any-source | {host-source <sIpAddr>}}
{{<dIpAddr> <dMask>} | any-destination | {host-destination <dIpAddr>}} [<igmp-type>]
[precedence <prec>] [tos <tos>]
[no] {deny | permit} tcp {{<sIpAddr> <sMask>} | any-source | {host-source <sIpAddr>}}
[s-port <sPort>] {{<dIpAddr> <dMask>} | any-destination | {host-destination <dIpAddr>}}
[d-port <dPort>] [ack | fin | psh | rst | syn | urg] [precedence <prec>] [tos <tos>]
[no] {deny | permit} udp {{<sIpAddr> <sMask>} | any-source | {host-source <sIpAddr>}}
[s-port <sPort>] {{<dIpAddr> <dMask>} | any-destination | {host-destination <dIpAddr>}}
[d-port <dPort>] [precedence <prec>] [tos <tos>]
[no] {deny | permit} {eigrp | gre | igrp | ipinip | ip | <int>} {{<sIpAddr> <sMask>} |
any-source | {host-source <sIpAddr>}} {{<dIpAddr> <dMask>} | any-destination |
{host-destination <dIpAddr>}} [precedence <prec>] [tos <tos>]
Function: Creates or deletes a name-based extended IP access rule for a specified IP protocol or all
IP protocols.
Parameters: <sIpAddr> is the source IP address in decimal format; <sMask> is the mask
complement of the source IP in decimal format; <dIpAddr> is the destination IP
address in decimal format; <dMask> is the mask complement of the destination IP in
decimal format, 0 for significant bit and 1 for ignored bit; <igmp-type> is the IGMP
type from 0 to 255; <icmp-type> is the ICMP type from 1 to 255; <icmp-code> is the
ICMP protocol number from 0 to 255; <prec> is the IP priority from 0 – 7; <tos> is the
tos value from 0 – 15; <sPort> is the source port number from 0 – 65535; <dPort> is the
destination port number from 0 – 65535.
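Added example (not part of the original manual or the switch firmware): a small Python evaluator for the address and port fields of the rule syntax above, showing how the mask complement selects the compared bits and what happens when a subnet mask is entered by mistake. It assumes rules are checked in order with the first match winning and takes the no-match result as a parameter, since the page states neither; the rule sets and packets are constructed samples.

```python
import ipaddress

def _ip(s):
    return int(ipaddress.IPv4Address(s))

def addr_matches(pkt_ip, rule_ip, mask_complement):
    # Mask complement: 0 bits are significant, 1 bits are ignored.
    care = ~_ip(mask_complement) & 0xFFFFFFFF
    return (_ip(pkt_ip) & care) == (_ip(rule_ip) & care)

def parse_rule(line):
    # Handles action, protocol, address specs and s-port/d-port only.
    t = line.split()
    rule = {"action": t.pop(0), "proto": t.pop(0)}
    for side, port_kw in (("source", "s-port"), ("destination", "d-port")):
        if t[0] == "any-" + side:
            t.pop(0)
            addr = ("0.0.0.0", "255.255.255.255")
        elif t[0] == "host-" + side:
            t.pop(0)
            addr = (t.pop(0), "0.0.0.0")
        else:
            addr = (t.pop(0), t.pop(0))
        port = None
        if t and t[0] == port_kw:
            t.pop(0)
            port = int(t.pop(0))
        rule[side] = addr + (port,)
    return rule

def evaluate(rules, pkt, default):
    # Assumption: first matching rule wins; `default` is returned when none match.
    for rule in map(parse_rule, rules):
        if rule["proto"] not in ("ip", pkt["proto"]):
            continue
        hit = True
        for side, ip_key, port_key in (("source", "src", "sport"),
                                       ("destination", "dst", "dport")):
            ip, mask, port = rule[side]
            hit = hit and addr_matches(pkt[ip_key], ip, mask)
            hit = hit and (port is None or pkt.get(port_key) == port)
        if hit:
            return rule["action"]
    return default

# Constructed rule sets: the udpFlow intent, then a correct and a mistaken mask.
UDPFLOW = ["deny igmp any-source any-destination",
           "permit udp any-source host-destination 192.168.0.1 d-port 32"]
GOOD = ["deny tcp 10.1.1.0 0.0.0.255 any-destination d-port 23"]
BAD = ["deny tcp 10.1.1.0 255.255.255.0 any-destination d-port 23"]  # subnet mask by mistake
```

With the BAD rule only the last octet is compared, so a host such as 10.1.1.5 is not denied while any source address ending in .0 is.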
Command Mode: name-based extended IP ACL configuration mode
Default: No IP address is configured by default.
Example: Creating an extended IP access list named “udpFlow”, denying IGMP packets and
allowing UDP packets destined for 192.168.0.1, port 32.