Table of Contents
Advertisement
Extended ACL
Command Usage
All new rules are appended to the end of the list.
Address bitmasks are similar to a subnet mask, containing four integers from 0 to 255, each separated by a period. The
binary mask uses 1 bits to indicate "match" and 0 bits to indicate "ignore." The bitmask is bitwise ANDed with the 21.
Includes TCP, UDP or other protocol types.
specified source IP address, and then compared with the address for each IP packet entering the port(s) to which this ACL
has been assigned.
• The following control codes may be specified:
-1 (fin) – Finish
-2 (syn) – Synchronize
-4 (rst) – Reset
-8 (psh) – Push
-16 (ack) – Acknowledgement
-32 (urg) – Urgent pointer
To define more than one control code, set the equivalent binary bit to "1" to indicate the
required codes. For Example, to set both SYN and ACK valid, use "control-code 18"
Example
Example
This
accepts any incoming packets if the source address is within subnet 10.7.1.x. For
matched; i.e., the rule (10.7.1.0 & 255.255.255.0) equals the masked address (10.7.1.2 & 255.255.255.0), the packet
passes through.
Console(config-ext-acl)# permit 10.7.1.1 255.255.255.0 any
Console(config-ext-acl)#
This allows TCP packets from class C addresses 192.168.1.0 to any destination address when set for destination TCP port
80 (i.e., HTTP).
Console(config-ext-acl)# permit 192.168.1.0 255.255.255.0 any
destination-port 80
Console(config-ext-acl)#
User's Manual of SGSD-1022 / SGSD-1022P
500
SGSW-2840 / SGSW-2840P
Example
, if the rule is
Hide quick links:
Advertisement
Table of Contents
