122 Summit 200 Series Switch Installation and User Guide
Access Policies
create access-mask <access-mask name>
{dest-mac}
{source-mac}
{vlan}
{ethertype}
{tos | code-point}
{ipprotocol}
{dest-ip /<mask length>} {dest-L4port}
{source-ip /<mask length>}
{source-L4port | {icmp-type} {icmp-code}}
{permit-established}
{egressport}
{ports}
{precedence <number>}
Creates an access mask. The mask specifies
which packet fields to examine. Options include:
•<access-mask name>—Specifies the
access mask name. The access mask name
can be between 1 and 31 characters.
•dest-mac—Specifies the destination MAC
address field.
•source-mac—Specifies the source MAC
address field.
•vlan—Specifies the VLANid field.
•ethertype—Specifies the Ethertype field.
•tos—Specifies the IP precedence field.
•code-point—Specifies the DiffServ code
point field.
•ipprotocol—Specifies the IP protocol field.
•dest-ip—Specifies the IP destination field
and subnet mask. You must supply the
subnet mask.
•dest-L4port—Specifies the destination port
field.
•source-ip—Specifies the IP source address
field and subnet mask. You must supply the
subnet mask.
•source-L4port—Specifies the source port
field.
•icmp-type—Specify the ICMP type field.
•icmp-code—Specify the ICMP code field.
•permit-established—Specifies the TCP
SYN/ACK bit fields.
•egressport—Specify the egress port
•ports—Specifies the ingress port(s) on
which this rule is applied.
•precedence—Specifies the access mask
precedence number. The range is 1 to
25,600.
Table 32: Access Control List Configuration Commands (continued)
Command Description