Setting value      Description
A.B.C.D/M          Specifies an IPv4 address (A.B.C.D) with subnet mask length (M bits)
host A.B.C.D       Specifies a single IPv4 address (A.B.C.D)
any                Applies to all IPv4 addresses
src-port : <0-65535>
If protocol is specified as tcp or udp, this specifies the transmission source port number <0-65535> that is the condition. This can also be omitted.
Method of specifying    Description
eq X                    Specify port number (X)
range X Y               Specify port numbers (X) through (Y)
dst-info : Specifies the destination IPv4 address information that is the condition
Setting value      Description
A.B.C.D E.F.G.H    Specifies an IPv4 address (A.B.C.D) with wildcard bits (E.F.G.H)
A.B.C.D/M          Specifies an IPv4 address (A.B.C.D) with subnet mask length (M bits)
host A.B.C.D       Specifies a single IPv4 address (A.B.C.D)
any                Applies to all IPv4 addresses
dst-port : <0-65535>
If protocol is specified as tcp or udp, this specifies the destination port number <0-65535> that is the condition. This can also be omitted.
Method of specifying    Description
eq X                    Specify port number (X)
range X Y               Specify port numbers (X) through (Y)
[Initial value]
none
[Input mode]
global configuration mode
[Description]
Generates an IPv4 access list.
Multiple conditions (maximum 39) can be specified for the generated access list.
To apply the generated access list, use the access-group command of interface mode.
If the "no" syntax is used with "action" and the parameters following it specified, the IPv4 access list that matches all conditions is deleted.
If the "no" syntax is used without specifying "action" and the parameters following it, the IPv4 access list of the matching access ID is deleted.
[Note]
An access list that is applied to a LAN/SFP port cannot be deleted using the "no" syntax. You must first cancel the application, and then delete the access list.
For both src-port and dst-port, you can use "range" to specify a range; however, for the entire system, only one IPv4 access list that specifies a range in this way can be applied to the interface by using the access-group command.
[Example]
Create access list #1 that denies communication from the source segment 192.168.1.0/24 to the destination 172.16.1.1.
SWR2311P(config)#access-list 1 deny any 192.168.1.0 0.0.0.255 host 172.16.1.1
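How the address and port conditions above select packets, as an added example in Python (not Yamaha's code): it parses the condition part of the [Example] line and tests constructed packets against it. The token order and the use of "any" in the protocol position are inferred from that example line; the function names are hypothetical.

```python
# Added example: token order and protocol "any" are inferred from the page's
# [Example] line; function names are hypothetical, packets are constructed.
import ipaddress
FULL = 0xFFFFFFFF

def ip_int(text):
    return int(ipaddress.IPv4Address(text))

def parse_addr(tok):
    """Consume one src-info/dst-info spec; return (network, care_mask)."""
    first = tok.pop(0)
    if first == "any":
        return 0, 0                      # no bit is compared
    if first == "host":
        return ip_int(tok.pop(0)), FULL  # every bit is compared
    if "/" in first:
        net = ipaddress.IPv4Network(first, strict=False)  # rejects M > 32
        return int(net.network_address), int(net.netmask)
    care = ~ip_int(tok.pop(0)) & FULL    # wildcard bits: 1 = ignore this bit
    return ip_int(first) & care, care

def parse_port(tok, proto):
    """Consume an optional 'eq X' / 'range X Y'; None means any port."""
    if proto not in ("tcp", "udp") or not tok or tok[0] not in ("eq", "range"):
        return None
    kind, lo = tok.pop(0), int(tok.pop(0))
    hi = int(tok.pop(0)) if kind == "range" else lo
    if not 0 <= lo <= hi <= 65535:
        raise ValueError("port outside <0-65535> or X > Y")
    return lo, hi

def parse_condition(text):
    """Parse 'action protocol src-info [src-port] dst-info [dst-port]'."""
    tok = text.split()
    rule = {"action": tok.pop(0), "proto": tok.pop(0)}
    rule["uses_range"] = "range" in tok  # only one such list can be applied
    rule["src"], rule["sport"] = parse_addr(tok), parse_port(tok, rule["proto"])
    rule["dst"], rule["dport"] = parse_addr(tok), parse_port(tok, rule["proto"])
    if tok:
        raise ValueError("unexpected trailing tokens: %r" % tok)
    return rule

def matches(rule, proto, src, dst, sport=None, dport=None):
    """True if the packet meets every condition of the parsed rule."""
    addr_ok = lambda spec, ip: (ip_int(ip) & spec[1]) == spec[0]
    port_ok = lambda spec, p: spec is None or (p is not None and spec[0] <= p <= spec[1])
    return (rule["proto"] in ("any", proto)
            and addr_ok(rule["src"], src) and addr_ok(rule["dst"], dst)
            and port_ok(rule["sport"], sport) and port_ok(rule["dport"], dport))
```

In this model the wildcard bits 0.0.0.255 and a /24 mask length produce the same comparison mask, which is why the example above describes the source as 192.168.1.0/24.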
Command Reference | Traffic control |