Enterasys Networks DFE-Gold Series

access-list (extended) Configuring Access Lists

Enterasys Matrix DFE-Gold Series Configuration Guide 24-19

Defaults

•Ifinsert,replace,ormovearenotspecified,thenewentrywillbeappendedtotheaccesslist.

•Ifsource2isnotspecifiedwithmove,onlyoneentrywillbemoved.

•Ificmp‐typeandicmp‐codearenotspecified,ICMPparameterswillbeappliedtoallICMP

messagetypes.

•If

operatorandportarenotspecified,accessparameterswillbeappliedtoallTCPorUDP

ports.

destinationSpecifiesthenetworkorhosttowhichthepacketwillbesent.Valid

optionsforexpressingdestinationare:

•IPaddress(A.B.C.D)

•any‐Anydestinationhost

•hostsource‐IPaddressofasingledestinationhost

destination‐

wildcard

(Optional)Specifiesthebitstoignoreinthedestinationaddress.

icmp‐type (Optional)FiltersICMPframesbyICMPmessagetype.Thetypeisa

numberfrom0to255.

icmp‐code (Optional)FurtherfiltersICMPframesfilteredbyICMPmessagetype

bytheirICMPmessagecode.Thecodeisanumberfrom0to255.

operatorport (Optional)AppliesaccessrulestoTCPorUDPsourceordestination

portnumbers.Possibleoperandsinclude:

•ltport‐Matchonlypacketswithalowerportnumber.

•gtport‐Matchonlypacketswithagreaterportnumber.

•eqport‐Matchonlypacketsonagivenportnumber.

•neqport‐Matchonlypacketsnotonagivenportnumber.

•rangemin‐sportmax‐sport‐Matchonlypacketsintherangeof

sourceports

•rangemin‐dportmax‐dport‐Matchonlypacketsintherangeof

destinationports.

tos‐extensions (Optional)Appliesaccessrulestotheprecedenceand/ortosfields,orto

theDiffServfield.Thatis,youcanspecifyoneorbothprecedenceand

tosfields,oryoucanspecifytheDiffServfield.Usethefollowing

keyword/valuepairstospecifythetos‐extensions:

•precedencevalue(0‐7)‐MatchpacketsbasedontheIPprecedence

value.

•tosvalue(0‐15)‐MatchpacketsbasedontheIPTypeofService

value.

•dscpvalue(0‐63)‐MatchpacketsbasedontheDiffservcodepoint

value.

established (Optional)AppliesTCPrestrictionstoestablishedconnectionsonly.

log (Optional)Enabletherulebeingconfiguredforsyslog.