DXS-3600 Series Layer 3 Managed 10Gigabit Ethernet Switch CLI Reference Guide
54
4-18 permit | deny (ip access-list)
This command is used to add a permit or a deny entry. Use the
no
form of the command to remove an
entry.
Extended Access List:
[SEQUENCE-NUMBER] {permit | deny} tcp {any | host SRC-IP-ADDR | SRC-IP-ADDR SRC-IP-
WILDCARD} [{eq | lt | gt | neq} PORT | range MIN-PORT MAX-PORT] {any | host DST-IP-ADDR |
DST-IP-ADDR DST-IP-WILDCARD} [{eq | lt | gt | neq} PORT | range MIN-PORT MAX-PORT] [TCP-
FLAG] [[precedence PRECEDENCE] [tos TOS] | dscp DSCP] [time-range PROFILE-NAME]
[SEQUENCE-NUMBER] {permit | deny} udp {any | host SRC-IP-ADDR | SRC-IP-ADDR SRC-IP-
WILDCARD} [{eq | lt | gt | neq} PORT | range MIN-PORT MAX-PORT] {any | host DST-IP-ADDR |
DST-IP-ADDR DST-IP-WILDCARD} [{eq | lt | gt | neq} PORT | range MIN-PORT MAX-PORT]
[[precedence PRECEDENCE] [tos TOS] | dscp DSCP] [time-range PROFILE-NAME]
[SEQUENCE-NUMBER] {permit | deny} icmp {any | host SRC-IP-ADDR | SRC-IP-ADDR SRC-IP-
WILDCARD} {any | host DST-IP-ADDR | DST-IP-ADDR DST-IP-WILDCARD} [ICMP-TYPE [ICMP-
CODE] | ICMP-MESSAGE] [[precedence PRECEDENCE] [tos TOS] | dscp DSCP] [time-range
PROFILE-NAME]
[SEQUENCE-NUMBER] {permit | deny} {gre | esp | eigrp | igmp | ipinip | ospf | pcp | pim | vrrp |
protocol-id PROTOCOL-ID} {any | host SRC-IP-ADDR | SRC-IP-ADDR SRC-IP-WILDCARD} {any |
host DST-IP-ADDR | DST-IP-ADDR DST-IP-WILDCARD} [fragments] [[precedence PRECEDENCE]
[tos TOS] | dscp DSCP] [time-range PROFILE-NAME]
[SEQUENCE-NUMBER] {permit | deny} {any | host SRC-IP-ADDR | SRC-IP-ADDR SRC-IP-
WILDCARD} [any | host DST-IP-ADDR | DST-IP-ADDR DST-IP-WILDCARD] [fragments]
[[precedence PRECEDENCE] [tos TOS] | dscp DSCP] [time-range PROFILE-NAME]
Standard IP Access List:
[SEQUENCE-NUMBER] {permit | deny} {any | host SRC-IP-ADDR | SRC-IP-ADDR SRC-IP-
WILDCARD} [any | host DST-IP-ADDR | DST-IP-ADDR DST-IP-WILDCARD]
no SEQUENCE-NUMBER
Parameters
SEQUENCE-NUMBER
Specifies the sequence number. The range is from 1 to 65535. The
lower the number is, the higher the priority of the permit/deny rule.
any
Specifies any source IP address or any destination IP address.
host SRC-IP-ADDR
Specifies a specific source host IP address.
SRC-IP-ADDR SRC-IP-
WILDCARD
Specifies a group of source IP addresses by using a wildcard bitmap.
The bit corresponding to the bit value 1 will be ignored. The bit
corresponding to the bit value 0 will be checked.
host DST-IP-ADDR
Specifies a specific destination host IP address.
DST-IP-ADDR DST-IP-
WILDCARD
Specifies a group of destination IP addresses by using a wildcard
bitmap. The bit corresponding to the bit value 1 will be ignored. The bit
corresponding to the bit value 0 will be checked.
precedence PRECEDENCE
(Optional) Specifies that packets can be filtered by precedence level,
as specified by a number from 0 to 7.
dscp DSCP
(Optional) Specifies the matching DSCP code in IP header. The range
is from 0 to 63, or select the following DSCP name: af11 - 001010,
af12 -001100, af13 - 001110, af21 - 010010, af22 - 010100, af23 -
010110, af31 - 011010, af32 - 011100, af33 - 011110, af41 - 100010,
Summary of Contents for DXS-3600 Series
Page 1: ......
Page 423: ...DXS 3600 Series Layer 3 Managed 10Gigabit Ethernet Switch CLI Reference Guide 418 ...
Page 548: ...DXS 3600 Series Layer 3 Managed 10Gigabit Ethernet Switch CLI Reference Guide 543 ...
Page 673: ...DXS 3600 Series Layer 3 Managed 10Gigabit Ethernet Switch CLI Reference Guide 668 ...
Page 712: ...DXS 3600 Series Layer 3 Managed 10Gigabit Ethernet Switch CLI Reference Guide 707 Switch ...
Page 845: ...DXS 3600 Series Layer 3 Managed 10Gigabit Ethernet Switch CLI Reference Guide 840 ...
Page 884: ...DXS 3600 Series Layer 3 Managed 10Gigabit Ethernet Switch CLI Reference Guide 879 ...
Page 1152: ...DXS 3600 Series Layer 3 Managed 10Gigabit Ethernet Switch CLI Reference Guide 1147 ...