TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide
149
destination-ip-mask —— The destination IP address mask. It is required if you
typed the destination IP address.
time-segment —— The time-range for the rule to take effect. By default, it is
not limited.
frag —— Enable/Disable Fragment. By default, it is disabled. If Fragment is
enabled, this rule will process all the fragments and the last piece of fragment
will be always forwarded.
Command Mode
Global Configuration Mode
Example
Create a Standard-IP ACL whose ID is 120, and add Rule 10 for it. In the rule,
the source IP address is 192.168.0.100, the source IP address mask is
255.255.255.0, the time-range for the rule to take effect is tSeg1, and the
packets match this rule will be forwarded by the switch:
TL-SL3428(config)#access-list create 120
TL-SL3428(config)#access-list standard 120 rule 10 permit sip 192.168.0.100
smask 255.255.255.0 tseg tSeg1
access-list extended Description
The access-list extended command is used to add Extended-IP ACL rule. To
delete the corresponding rule, please use no access-list extended command.
Syntax
access-list extended acl-id rule rule-id [deny | permit] [ [sip source-ip] smask
source-ip-mask] [ [dip destination-ip] dmask destination-ip-mask] [tseg
time-segment] [frag {disable | enable}] [dscp dscp] [s-port s-port] [d-port d-port]
[tcpflag tcpflag] [protocol protocol] [icmptype icmptype] [icmpcode icmpcode]
[tos tos] [pri pri]
no access-list extended acl-id rule rule-id
Parameter
acl-id——The desired Extended-IP ACL for configuration.
rule-id —— The rule ID.
deny —— The operation to discard packets.
permit ——The operation to forward packets. It is the default value.