Chapter 9
Traffic control
9.1 ACL
9.1.1 Generate IPv4 access list
[Syntax]
access-list ipv4-acl-id [seq_num] action protocol src-info [src-port] dst-info [dst-port] [ack] [fin] [psh] [rst] [syn] [urg]
no access-list ipv4-acl-id [seq_num] [action protocol src-info [src-port] dst-info [dst-port] [ack] [fin] [psh] [rst] [syn] [urg]]
[Keyword]
ack : If tcp is specified as the protocol, the ACK flag of the TCP header is specified as a condition.
fin : If tcp is specified as the protocol, the FIN flag of the TCP header is specified as a condition.
psh : If tcp is specified as the protocol, the PSH flag of the TCP header is specified as a condition.
rst : If tcp is specified as the protocol, the RST flag of the TCP header is specified as a condition.
syn : If tcp is specified as the protocol, the SYN flag of the TCP header is specified as a condition.
urg : If tcp is specified as the protocol, the URG flag of the TCP header is specified as a condition.
[Parameter]
ipv4-acl-id : <1-2000>
    ID of IPv4 access list
seq_num : <1-65535>
    Sequence number. Specifies the position of the entry within the applicable access list.
    If the sequence number is omitted, the entry is added to the end of the list. At this time, the new entry
    is automatically given a number that is 10 greater than the last existing entry. (If an entry is initially
    added without a sequence number, its entry number will be 10.)
action : Specifies the action for the access condition
    Setting value      Description
    deny               "Deny" the condition
    permit             "Permit" the condition
protocol : Specifies the applicable protocol type
    Setting value      Description
    <0-255>            Protocol number of the IP header
    any                All IPv4 packets
    tcp                TCP packets
    udp                UDP packets
src-info : Specifies the transmission-source IPv4 address that is the condition
    Setting value      Description
    A.B.C.D E.F.G.H    Specifies an IPv4 address (A.B.C.D) with wildcard bits (E.F.G.H)
216 | Command Reference | Traffic control
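The seq_num rule described above, modelled in Python as an added example (it is not part of the command reference, and Ipv4Acl, wildcard_match and demo are hypothetical names). It assumes entries are checked in ascending sequence order with the first match deciding, and that a 1 bit in the wildcard means "ignore this address bit"; the addresses are constructed samples.

```python
import ipaddress


def wildcard_match(addr, base, wildcard):
    """True if addr equals base on every bit where the wildcard bit is 0 (assumed semantics)."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)


class Ipv4Acl:
    """Models seq_num handling for the entries of one ipv4-acl-id."""

    def __init__(self):
        self.entries = {}  # seq_num -> (action, base address, wildcard bits)

    def add(self, action, base, wildcard, seq_num=None):
        if seq_num is None:
            # Omitted seq_num: append at the end, numbered last + 10 (10 if the list is empty).
            seq_num = max(self.entries, default=0) + 10
        if not 1 <= seq_num <= 65535:
            raise ValueError("seq_num must be in <1-65535>")
        if seq_num in self.entries:
            # The page does not say what the device does with a reused number; this model rejects it.
            raise ValueError("seq_num already in use")
        self.entries[seq_num] = (action, base, wildcard)
        return seq_num

    def evaluate(self, src):
        """Return (seq_num, action) of the first matching entry, or None if nothing matches."""
        for seq in sorted(self.entries):
            action, base, wildcard = self.entries[seq]
            if wildcard_match(src, base, wildcard):
                return seq, action
        return None


def demo():
    acl = Ipv4Acl()
    first = acl.add("permit", "192.168.1.0", "0.0.0.255")  # no seq_num: becomes 10
    late = acl.add("deny", "192.168.1.50", "0.0.0.0")      # no seq_num: becomes 20
    before = acl.evaluate("192.168.1.50")                   # broad permit at 10 shadows the deny
    acl.add("deny", "192.168.1.50", "0.0.0.0", seq_num=5)   # explicit seq_num places it first
    after = acl.evaluate("192.168.1.50")
    return first, late, before, after


if __name__ == "__main__":
    print(demo())
```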