Planet WGSW-28040 Command Manual page 56

match-all
Mode:
IP ACL Configuration
Usage Guide:
Use the permit command to add permit conditions for an IP ACE that bypass those packets hit the ACE. The
"sequence" also represents hit priority when ACL bind to an interface. An ACE not specifies "sequence" index would
assign a sequence index which is the largest existed index plus 20. If packet content can match more than one ACE,
the lowest sequence ACE is hit. An ACE can not be added if has the same conditions as existed ACE.
Example:
The example shows how to add a set of ACEs. You can verify settings by the following show acl command.
This command shows how to permit a source IP address subnet.
Switch(ip-al)# permit ip 192.168.1.0/255.255.255.0
This command shows how to permit ICMP echo-request packet with any IP address.
Switch(ip-al)# permit icmp any any echo-request any
This command shows how to permit any IP address HTTP packets with DSCP 5.
Switch(ip-al)# permit tcp any any any www dscp 5
This command shows how to permit any source IP address SNMP packet connect to destination IP address
192.168.1.1.
Switch(ip-al)# permit udp any any 192.168.1.1/255.255.255.255 snmp
Switch(ip-al)# show acl
IP access list iptest
sequence 1 permit ip 192.168.1.0/255.255.255.0 any
sequence 21 permit icmp any any echo-request any
sequence 41 permit tcp any any any www dscp 5
sequence 61 permit udp any any 192.168.1.1/255.255.255.255 snmp
Specify tcp flag for TCP packet. If a flag should be set it is prefixed by \"+\".If a flag
should be unset it is prefixed by \"-\". Available options are +urg, +ack, +psh, +rst, +syn,
+fin, -urg, -ack, -psh, -rst, -syn and -fin.To define more than 1 flag - enter additional
flags one after another without a space (example +syn-ack).
Command Guide of WGSW-28040
56