D-Link DXS-1210-12TC Reference Manual page 48

The sequence number must be unique in the domain of an access-list. If you enter a sequence
number that is already present, an error message will be shown.
Example
This example shows how to use the extended expert ACL. The purpose is to deny all the TCP
packets with the source IP address 192.168.4.12 and the source MAC address 00:13:00:49:82:72.
Switch# configure terminal
Switch(config)#expert access-list extended exp_acl
Switch(config-exp-nacl)# rule deny tcp host 192.168.4.12 host 0013.0049.8272 any
any
Switch(config-exp-nacl)# end
Switch# show access-list expert
Extended EXPERT access list exp_acl(ID: 9998)
10 deny TCP host 192.168.4.12 any host 00:13:00:49:82:72 any
4-14
This command is used to add a permit or a deny entry. Use the no form of this command to remove
an entry.
Extended Access List:
rule [SEQUENCE-NUMBER] {permit | deny} tcp {any | host SRC-IP-ADDR | SRC-IP-ADDR
SRC-IP-WILDCARD} [{eq | lt | gt | neq} PORT | range MIN-PORT MAX-PORT] {any | host DST-
IP-ADDR | DST-IP-ADDR DST-IP-WILDCARD} [{eq | lt | gt | neq} PORT | range MIN-PORT
MAX-PORT] [TCP-FLAG] [[precedence PRECEDENCE] [tos TOS] | dscp DSCP] [time-range
PROFILE-NAME]
rule [SEQUENCE-NUMBER] {permit | deny} udp {any | host SRC-IP-ADDR | SRC-IP-ADDR
SRC-IP-WILDCARD} [{eq | lt | gt | neq} PORT | range MIN-PORT MAX-PORT] {any | host DST-
IP-ADDR | DST-IP-ADDR DST-IP-WILDCARD} [{eq | lt | gt | neq} PORT | range MIN-PORT
MAX-PORT] [[precedence PRECEDENCE] [tos TOS] | dscp DSCP] [time-range PROFILE-
NAME]
rule [SEQUENCE-NUMBER] {permit | deny} icmp {any | host SRC-IP-ADDR | SRC-IP-ADDR
SRC-IP-WILDCARD} {any | host DST-IP-ADDR | DST-IP-ADDR DST-IP-WILDCARD} [ICMP-
TYPE [ICMP-CODE] | ICMP-MESSAGE] [[precedence PRECEDENCE] [tos TOS] | dscp DSCP]
[time-range PROFILE-NAME]
rule [SEQUENCE-NUMBER] {permit | deny} {gre | esp | eigrp | igmp | ipinip | ospf | pcp | pim
| vrrp | protocol-id PROTOCOL-ID} {any | host SRC-IP-ADDR | SRC-IP-ADDR SRC-IP-
WILDCARD} {any | host DST-IP-ADDR | DST-IP-ADDR DST-IP-WILDCARD} [fragments]
[[precedence PRECEDENCE] [tos TOS] | dscp DSCP] [time-range PROFILE-NAME]
rule [SEQUENCE-NUMBER] {permit | deny} {any | host SRC-IP-ADDR | SRC-IP-ADDR SRC-
IP-WILDCARD} [any | host DST-IP-ADDR | DST-IP-ADDR DST-IP-WILDCARD] [fragments]
[[precedence PRECEDENCE] [tos TOS] | dscp DSCP] [time-range PROFILE-NAME]
Standard IP Access List:
rule [SEQUENCE-NUMBER] {permit | deny} {any | host SRC-IP-ADDR | SRC-IP-ADDR SRC-
IP-WILDCARD} [any | host DST-IP-ADDR | DST-IP-ADDR DST-IP-WILDCARD] [time-range
PROFILE-NAME]
no SEQUENCE-NUMBER
Parameters
SEQUENCE-NUMBER
any
DXS-1210 Series Smart Managed Switch CLI Reference Guide
permit | deny (ip access-list)
Specifies the sequence number. The range is from 1 to 65535. The
lower the number is, the higher the priority of the permit/deny rule.
Specifies any source IP address or any destination IP address.
45