Create Access-List Tcp Destination Source Ports - Extreme Networks ExtremeWare Command Reference Manual
Version 7.5
Hide thumbs
Also See for ExtremeWare:
- Command reference manual (2620 pages) ,
- Command reference manual (2254 pages) ,
- Command reference manual (1598 pages)
Table of Contents
Advertisement
create access-list tcp destination source ports
create access-list <name> tcp destination [<dest_ipaddress>/<mask> | any]
ip-port [<dst_port> | range <dst_port_min> <dst_port_max> | any]
source [<src_ipaddress>/<src_mask> | any] ip-port [<src_port> | range
<src_port_min> <src_port_max> | any] [permit <qosprofile> |
permit-established | deny] ports [<portlist> | any] {precedence
<precedence_num>}
Description
Creates a named IP access list that applies to TCP traffic.
NOTE
This command is available only on the "i" series switches. To create an access list for an "e" series
switch, use the
Syntax Description
name
dest_ipaddress/mask
dst_port
dst_port_min
dst_port_max
src_ipaddress/src_mask
src_port
src_port_min
src_port_max
permit
qosprofile
permit-established
deny
portlist
prec_number
ExtremeWare 7.5 Command Reference Guide
command.
create access-list
Specifies the access list name. The access list name can be between 1 and
31 characters.
Specifies an IP destination address and subnet mask. A mask length of 32 indicates
a host entry.
any specifies that any address will match.
Specifies a TCP layer 4 port.
any specifies that all TCP ports will match.
Specifies the beginning of a TCP layer 4 port range.
Specifies the end of a TCP layer 4 port range.
Specifies a source IP address and subnet mask.
any specifies that any address will match.
Specifies a TCP layer 4 port.
any specifies that all TCP ports will match.
Specifies the beginning of a TCP layer 4 port range.
Specifies the end of a TCP layer 4 port range.
Specifies that packets that match the access list description are permitted to be
forward by this switch.
Specifies an optional QoS profile can be assigned to the access list, so that the
switch can prioritize packets accordingly.
Specifies that a currently-established TCP session is allowed, but TCP packets from
source to destination (uni-directional) with SYN=1 and ACK=0 (to initiate a new
session) will be dropped.
Specifies that packets that match the access list description are filtered (dropped) by
the switch.
Specifies the ingress port(s) on which this rule is applied.
any specifies that the rule will be applied to all ports.
Specifies the access list precedence number. The range is 1 to 25,600.
create access-list tcp destination source ports
937
Advertisement
Table of Contents
