Ip Extended Acl - NETGEAR M6100 Series Reference Manual

IP Extended ACL:

Format
access-list 100-199 {deny | permit} {every | {{eigrp | gre | icmp | igmp | ip
| ipinip | ospf | pim | tcp | udp | 0-255} {srcip srcmask | any |host srcip}
[range {portkey | startport} {portkey | endport} {eq | neq | lt | gt}
{portkey | 0-65535} {dstip dstmask | any | host dstip} [{range {portkey |
startport} {portkey | endport} | {eq | neq | lt | gt} {portkey | 0-65535}]
[flag [+fin | -fin] [+syn | -syn] [+rst | -rst] [+psh | -psh] [+ack | -ack]
[+urg | -urg] [established]] [icmp-type icmp-type [icmp-code icmp-code] |
icmp-message icmp-message] [igmp-type igmp-type] [fragments] [precedence
precedence | tos tos [tosmask] | dscp dscp]}} [time-range time-range-name]
[log] [assign-queue queue-id] [{mirror | redirect} unit/slot/port]
[rate-limit rate burst-size]
Mode Global Config
IPv4 extended ACLs have the following limitations for egress ACLs:
• Match on port ranges is not supported.
• The rate-limit command is not supported.
Table 16. ACL command parameters
Parameter
1-99 or 100-199
{deny | permit}
every
{eigrp | gre | icmp | igmp | ip |
ipinip | ospf | pim | tcp | udp |
0-255}
srcip srcmask | any | host scrip Specifies a source IP address and source netmask for match condition of
M6100 Series Switches
Description
Range 1 to 99 is the access list number for an IP standard ACL. Range 100
to 199 is the access list number for an IP extended ACL.
Specifies whether the IP ACL rule permits or denies an action.
Note: For 5630x and 5650x-based systems, assign-queue, redirect, and
mirror attributes are configurable for a deny rule, but they have no
operational effect.
Match every packet.
Specifies the protocol to filter for an extended IP ACL rule.
the IP ACL rule.
Specifying any specifies srcip as 0.0.0.0 and srcmask as
255.255.255.255.
Specifying host A.B.C.D specifies srcip as A.B.C.D and srcmask as
0.0.0.0.
Quality of Service Commands
1034