8
C H A P T E R
Access Control List (ACL) Commands
The switch implements Access Control Lists that enable the it to deny network access to specific devices
or device groups based on IP settings and MAC address.
The Access Control commands in the CLI are listed (along with the appropriate parameters) in the
following table.
Command
create access_profile
delete access_profile
Extreme Networks EAS 100-24t Switch CLI Manual
Access Control List (ACL)
Parameters
[ethernet{vlan {<hex 0x0-0x0fff>} | source_mac <macmask> | destination_mac
<macmask> | 802.1p | ethernet_type} | ip {vlan {<hex 0x0-0x0fff>} |
source_ip_mask <netmask> | destination_ip_mask <netmask> | dscp | [icmp {
type | code} | igmp { type } | tcp {src_port_mask <hex 0x0-0xffff> |
dst_port_mask <hex 0x0-0xffff> | flag_mask [ all | {urg | ack | psh | rst | syn |
fin}] } | udp {src_port_mask <hex 0x0-0xffff> | dst_port_mask <hex 0x0-0xffff>}
| protocol_id_mask <hex 0x0-0xff>]} | ipv6 {class | flowlabel |
source_ipv6_mask <ipv6mask > | [tcp {src_port_mask <hex 0x0-0xffff> |
dst_port_mask <hex 0x0-0xffff>} | udp {src_port_mask <hex 0x0-0xffff> |
dst_port_mask <hex 0x0-0xffff>}]} | packet_content_mask{offset1 <value 2-
126> <hex 0x0-0xffffffff> | offset2 <value 2-126> <hex 0x0-0xffffffff> | offset3
<value 2-126> <hex 0x0-0xffffffff> | offset4 <value 2-126> <hex 0x0-0xffffffff> |
} ] profile_id <value 1-256>
[profile_id <value 1-256> | all]
227