ES4710BD 10 Slots L2/L3/L4 Chassis Switch

Command: ip access-group [<num><acl-name> {in|out}

no ip access-group <name> {in|out}

Function: Applies an access list to the incoming direction on the port; the “no ip access-group <name> {in|out}” command deletes the access list bound to the port.

Parameter: <name> is the name for access list; the character string length is 1 – 8.

Command mode: Physical Interface Mode

Default: No ACL is bound by default.

Usage Guide: Only one access rule can be bound to a port. Applying an access list in the outgoing direction is not supported yet.

Example: Binding access list “aaa” to the incoming direction of the port.

Switch(Config-Ethernet1/1)#ip access-group aaa in

12.2.2.8 permit | deny (extended)

Command: [no] {deny | permit} icmp {{<sIpAddr> <sMask>} | any-source | {host-source <sIpAddr>}} {{<dIpAddr> <dMask>} | any-destination | {host-destination <dIpAddr>}} [<icmp-type> [<icmp-code>]] [precedence <prec>] [tos <tos>]

[no] {deny | permit} igmp {{<sIpAddr> <sMask>} | any-source | {host-source <sIpAddr>}} {{<dIpAddr> <dMask>} | any-destination | {host-destination <dIpAddr>}} [<igmp-type>] [precedence <prec>] [tos <tos>]

[no] {deny | permit} tcp {{<sIpAddr> <sMask>} | any-source | {host-source <sIpAddr>}} [s-port <sPort>] {{<dIpAddr> <dMask>} | any-destination | {host-destination <dIpAddr>}} [d-port <dPort>] [ack | fin | psh | rst | syn | urg] [precedence <prec>] [tos <tos>]

[no] {deny | permit} udp {{<sIpAddr> <sMask>} | any-source | {host-source <sIpAddr>}} [s-port <sPort>] {{<dIpAddr> <dMask>} | any-destination | {host-destination <dIpAddr>}} [d-port <dPort>] [precedence <prec>] [tos <tos>]

[no] {deny | permit} {eigrp | gre | igrp | ipinip | ip | <int>} {{<sIpAddr> <sMask>} | any-source | {host-source <sIpAddr>}} {{<dIpAddr> <dMask>} | any-destination | {host-destination <dIpAddr>}} [precedence <prec>] [tos <tos>]

Function: Creates or deletes a name-based extended IP access rule for a specified IP protocol or all IP protocols.

Parameters: <sIpAddr> is the source IP address in decimal format; <sMask> is the mask complement of the source IP in decimal format; <dIpAddr> is the destination IP address in decimal format; <dMask> is the mask complement of the destination IP in decimal format, 0 for significant bit and 1 for ignored bit; <igmp-type> is the IGMP type from 0 to 255; <icmp-type> is the ICMP type from 1 to 255; <icmp-code> is the ICMP protocol number from 0 to 255; <prec> is the IP priority from 0 – 7; <tos> is the tos value from 0 – 15; <sPort> is the source port number from 0 – 65535; <dPort> is the destination port number from 0 – 65535.
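The mask complement semantics described above (0 for significant bit, 1 for ignored bit), worked through in Python as an added example that is not part of the original manual. It shows what a rule actually matches when a subnet mask is entered by mistake in the <sMask> or <dMask> field; the function names and the sample addresses are constructed for illustration.

```python
import ipaddress

FULL = 0xFFFFFFFF


def _to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def matches(addr, rule_addr, mask_complement):
    """Manual's semantics: a 0 bit in the complement is compared, a 1 bit is ignored."""
    significant = ~_to_int(mask_complement) & FULL
    return (_to_int(addr) & significant) == (_to_int(rule_addr) & significant)


def complement_of(netmask):
    """Convert a subnet mask (255.255.255.0) into a mask complement (0.0.0.255)."""
    return str(ipaddress.IPv4Address(_to_int(netmask) ^ FULL))


def looks_like_netmask(mask):
    """Heuristic lint: leading 1 bits followed only by 0 bits is a subnet mask,
    which is rarely what was intended in an <sMask>/<dMask> field."""
    m = _to_int(mask)
    inverted = m ^ FULL
    return m not in (0, FULL) and (inverted & (inverted + 1)) == 0


# Constructed sample addresses, not taken from the manual.
SAMPLES = ["192.168.0.1", "192.168.0.77", "192.168.1.1", "10.9.8.0"]


def matched_samples(rule_addr, mask):
    """Return the sample addresses a rule with this address and mask would match."""
    return [a for a in SAMPLES if matches(a, rule_addr, mask)]


if __name__ == "__main__":
    # Intended rule: every host in 192.168.0.0/24.
    print("0.0.0.255     ->", matched_samples("192.168.0.0", "0.0.0.255"))
    # Same rule with a subnet mask typed by mistake: only the last octet is
    # compared, so the rule misses the intended hosts and matches 10.9.8.0.
    print("255.255.255.0 ->", matched_samples("192.168.0.0", "255.255.255.0"))
    print("lint flags 255.255.255.0:", looks_like_netmask("255.255.255.0"))
    print("corrected value:", complement_of("255.255.255.0"))
```

Running a check like `looks_like_netmask` over rule lines before they are applied catches the inverted-mask mistake, which otherwise produces a rule that silently matches unrelated addresses.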

Command Mode: name-based extended IP ACL configuration mode

Default: No IP address is configured by default.

Example: Creating an extended IP access list named “udpFlow”, denying IGMP packets and allowing UDP packets destined for 192.168.0.1, port 32.
