config acl rule action

Use this command to specify the action for the ACL and rule referenced by the parameters <aclid> and <rulenum>. The values of permit or deny indicate how this rule is applied.

Format

config acl rule action <aclid> <rulenum> <permit/deny>

config acl rule create

Use this command to create a rule within the ACL referenced by the parameter <aclid>. The rule is identified by the <rulenum> parameter. An ACL may have up to 10 user-specified rules, whose <rulenum> ranges from 1 to 10. Rules are created with a default action of deny.

Default

deny

Format

config acl rule create <aclid> <rulenum>

config acl rule delete

Use this command to remove a rule from the ACL referenced by the parameter <aclid>. The rule is identified by the <rulenum> parameter.

Format

config acl rule delete <aclid> <rulenum>

config acl rule match dstip

Use this command to specify a destination IP address and mask match condition for the ACL rule referenced by the <aclid> and <rulenum> parameters. The <ipaddr> and <ipmask> parameters are 4-digit dotted-decimal numbers which represent the destination IP address and IP mask, respectively.

Format

config acl rule match dstip <aclid> <rulenum> <ipaddr> <ipmask>

config acl rule match dstl4port keyword

Use this command to specify a destination layer 4 port match condition for the ACL rule referenced by the <aclid> and <rulenum> parameters. The <portkey> parameter uses a single keyword notation and currently has the values of domain, echo, ftp, ftpdata, http, smtp, snmp, Telnet, tftp and www.

Each of these values translates into its equivalent port number, which is used as both the start and end of a port range.

This command and the config acl rule match dstl4port number command are two methods of specifying the destination layer 4 port range as a match condition. Either command can be used to configure or modify the destination layer 4 port range.

Format

config acl rule match dstl4port keyword <aclid> <rulenum> <portkey>

config acl rule match dstl4port number

Use this command to specify a destination layer 4 port match condition for the ACL rule referenced by the <aclid> and <rulenum> parameters. The <startport> and <endport> parameters identify the first and last ports that are part of the port range. They have values from 0 to 65535. The ending port must have a value equal to or greater than the starting port. The starting port, ending port and all ports in between will be part of the destination port range.

Either this command or the config acl rule match dstl4port keyword command may be used to specify a destination layer 4 port range as a match condition.

Format

config acl rule match dstl4port range <aclid> <rulenum> <startport> <endport>
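
Example (added here, not part of the Intel manual): a Python sketch that replays config acl rule commands offline and returns the resulting rule state, so a change script can be checked for rules left at the default deny action and for out-of-range values before it is typed into the switch. The ACL ID 1, the rule numbers and the sample lines are constructed; the keyword port numbers are the IANA well-known values and are assumed, and rejecting a command for a rule that was never created is this sketch's choice, not documented switch behavior.

```python
import ipaddress

# IANA well-known ports; the manual lists only keywords, so numbers are assumed.
PORT_KEYWORDS = {"domain": 53, "echo": 7, "ftp": 21, "ftpdata": 20, "http": 80,
                 "smtp": 25, "snmp": 161, "telnet": 23, "tftp": 69, "www": 80}

def apply_commands(lines):
    """Replay 'config acl rule ...' lines; return {(aclid, rulenum): rule}."""
    rules = {}
    for line in lines:
        tok = line.split()
        try:
            if tok[:3] != ["config", "acl", "rule"]:
                raise ValueError("not a 'config acl rule' command")
            verb, rest = tok[3], tok[4:]
            if verb == "match":  # match dstip | match dstl4port keyword|number
                n = 2 if rest[0] == "dstl4port" else 1
                verb, rest = " ".join(rest[:n]), rest[n:]
            key, args = (rest[0], int(rest[1])), rest[2:]
            if not 1 <= key[1] <= 10:
                raise ValueError("rulenum must be 1..10")
            if verb == "create":
                rules[key] = {"action": "deny"}  # documented default action
            elif verb == "delete":
                del rules[key]
            elif verb == "action" and args[0] in ("permit", "deny"):
                rules[key]["action"] = args[0]
            elif verb == "dstip":
                addr, mask = (str(ipaddress.IPv4Address(a)) for a in args[:2])
                rules[key]["dstip"] = (addr, mask)
            elif verb == "dstl4port keyword":
                port = PORT_KEYWORDS[args[0].lower()]
                rules[key]["dstports"] = (port, port)  # start == end
            elif verb in ("dstl4port number", "dstl4port range"):
                start, end = int(args[0]), int(args[1])  # page shows both words
                if not 0 <= start <= end <= 65535:
                    raise ValueError("need 0 <= startport <= endport <= 65535")
                rules[key]["dstports"] = (start, end)
            else:
                raise ValueError("unknown subcommand or value")
        except (IndexError, KeyError) as exc:
            raise ValueError(f"{line!r}: missing rule, argument or keyword") from exc
    return rules

# Constructed sample: rule 2 is created but never given an action (stays deny).
SAMPLE = ["config acl rule create 1 1",
          "config acl rule match dstl4port keyword 1 1 http",
          "config acl rule action 1 1 permit",
          "config acl rule create 1 2"]
```

Calling apply_commands(SAMPLE) shows rule 1 permitting destination port 80 and rule 2 still at deny, because no action command followed its create.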


Intel® Blade Server Ethernet Switch Module IXM5414E
