D-Link DXS-1210-12TC Reference Manual page 50

None.
Command Mode
IP Access-list Configuration Mode.
Command Default Level
Level: 12.
Usage Guideline
If a rule entry is created without a sequence number, a sequence number will be automatically
assigned. If it is the first entry, the sequence number 10 is assigned. A subsequent rule entry will be
assigned a sequence number that is 10 greater than the largest sequence number in that access list
and is placed at the end of the list.
The user can use the command access-list sequence to change the start sequence number and
increment number for the specified access list. After the command is applied, the new rule without
specified sequence number will be assigned sequence based new sequence setting of the specified
access list.
When you manually assign the sequence number, it is better to have a reserved interval for future
lower sequence number entries. Otherwise, it will create extra effort to insert an entry with a lower
sequence number.
The sequence number must be unique in the domain of an access-list. If you enter a sequence
number that is already present, an error message will be shown.
To create a matching rule for an IP standard access list, only the source IP address or destination IP
address fields can be specified.
Example
This example shows how to create four entries for an IP extended access list, named Strict-Control.
These entries are: permit TCP packets destined to network 10.20.0.0, permit TCP packets destined to
host 10.100.1.2, permit all TCP packets go to TCP destination port 80 and permit all ICMP packets.
Switch# configure terminal
Switch(config)#ip access-list extended Strict-Control
Switch(config-ip-ext-acl)# rule permit tcp any 10.20.0.0 0.0.255.255
Switch(config-ip-ext-acl)# rule permit tcp any host 10.100.1.2
Switch(config-ip-ext-acl)# rule permit tcp any any eq 80
Switch(config-ip-ext-acl)# rule permit icmp any any
Switch(config-ip-ext-acl)#
This example shows how to create two entries for an IP standard access-list, named "std-ip".These
entries are: permit IP packets destined to network 10.20.0.0, permit IP packets destined to host
10.100.1.2.
Switch# configure terminal
Switch(config)#ip access-list std-acl
Switch(config-ip-acl)# rule permit any 10.20.0.0 0.0.255.255
Switch(config-ip- acl)# rule permit any host 10.100.1.2
Switch(config-ip- acl)#
4-15 permit | deny (ipv6 access-list)
This command is used to add a permit entry or deny entry to the IPv6 accesslist. Use the no form of
this command to remove an entry from the IPv6 accesslist.
Extended IPv6 Access List:
rule [SEQUENCE-NUMBER] {permit | deny} tcp {any | host SRC-IPV6-ADDR | SRC-IPV6-
ADDR/PREFIX-LENGTH} [{eq | lt | gt | neq} PORT | range MIN-PORT MAX-PORT] {any | host
DST-IPV6-ADDR | DST-IPV6-ADDR/PREFIX-LENGTH} [{eq | lt | gt | neq} PORT | range MIN-
DXS-1210 Series Smart Managed Switch CLI Reference Guide
47