Ip Access Control List (Acl) Commands - NETGEAR GSM7228PS Cli Manual

Term Definition
Redirect The unit/slot/port to which packets matching this rule are forwarded.
Interface

IP Access Control List (ACL) Commands

This section describes the commands you use to configure IP ACL settings. IP ACLs ensure that
only authorized users have access to specific resources and block any unwarranted attempts to
reach network resources.
The following rules apply to IP ACLs:
• Managed switch software does not support IP ACL configuration for IP packet fragments.
• The maximum number of ACLs you can create is hardware dependent. The limit applies to all
ACLs, regardless of type.
• The maximum number of rules per IP ACL is hardware dependent.
• On GSM7328S v1 and GSM7352S v1 platforms, if you configure a MAC ACL on an
interface, you cannot configure an IP ACL on the same interface.
• Wildcard masking for ACLs operates differently from a subnet mask. A wildcard mask is in
essence the inverse of a subnet mask. With a subnet mask, the mask has ones (1's) in the bit
positions that are used for the network address, and has zeros (0's) for the bit positions that are
not used. In contrast, a wildcard mask has (0's) in a bit position that must be checked. A '1' in
a bit position of the ACL mask indicates the corresponding bit can be ignored.
access-list
This command creates an IP Access Control List (ACL) that is identified by the access list number,
which is 1-99 for standard ACLs or 100-199 for extended ACLs.
IP Standard ACL:
Format
access-list <1-99> {deny | permit} {every | <srcip> <srcmask>} [log]
[assign-queue <queue-id>] [{mirror | redirect} <unit/slot/port>]
Mode Global Config
Quality of Service (QoS) Commands
Managed Switch CLI Manual, Release 8.0.3
v1.0, July 2010
8-37