Dell Force10 S2410-01-10GE-24P Command Reference Manual page 380
Sftos command reference
Hide thumbs
Also See for Force10 S2410-01-10GE-24P:
- Configuration manual (306 pages) ,
- Manual (42 pages) ,
- Quick start manual (31 pages)
Table of Contents
Advertisement
Syntax
Parameters
|
ACL Commands
380
IP Standard ACL:
OOEnn6ganC
{deny | permit} {every |
1-99
[{mirror | redirect}
unit/slot/port
The mirror option is supported in the S50V and S25P models only.
Note:
IP Extended ACL:
access-list
{deny | permit} {every | icmp | igmp | ip | tcp | udp |
100-199
} {any | eq {
{any |
srcip srcmask
0-65535
}] [precedence
precedence
queue-id
] [redirect
unit/slot/port
Use the no access-list
ACLnumber
number in the range
1-199
).
and
1-99
100-199
deny
permit
|
every
|
srcip srcmask
every | icmp
igmp
|
ip
tcp
udp
|
|
|
|
protocol_number
any|
srcip
and
srcmask
any|eq
portkey
{
{
|
0-65535
}]
any|
dstip dstmask
{
}
eq
portkey
{
|
0-65535
}
precedence
[
tos
precedence
tos
|
dscp
tosmask
dscp
|
]
srcip srcmask
]
portkey
|
0-65535
}{any |
| tos
tos tosmask
]
version of this command to delete an ACL (identified by a
Assign an integer in the range 1 to 99 to an access list for an IP standard ACL. Use
an integer in the range 100 to 199 for an IP extended ACL.
Specify whether the IP ACL rule permits or denies an action.
For an IP Standard ACL, select the source to filter. Enter either the keyword
every
, to match every packet, or use the
specify a source IP address and source mask for a match condition of the ACL
srcmask
rule (
is an inverse mask, also called a wildcard mask, as described at
the beginning of this chapter).
For an IP Extended ACL, you have three choices for the source to filter:
every
•
As above, the keyword
•
The other keywords specify the protocol to filter— ICMP, IGMP, IP, TCP, or
UDP.
•
Otherwise, enter the protocol number to match, from 1 to 255.
any
Enter either
, to match any source IP address, or use the
parameters to specify a source IP address and source mask for a match condition
srcmask
of the ACL rule (
is an inverse mask, also called a wildcard mask, as
described at the beginning of this chapter).
For an IP Extended ACL, specify the source Layer 4 port match condition for the
IP ACL rule. You can enter:
any
•
the keyword
, to accept any Layer 4 port ID
eq
•
the keyword
and then enter either:
portkey
•the
, which can be one of the following keywords:
echo
ftp
ftpdata
,
,
,
Each of these values translates into its equivalent port number, which is
used as both the start and end of a port range.
•the Layer 4 port number, which ranges from 0-65535
For an IP Extended ACL, specify a destination IP address and destination mask
for the match condition of the ACL rule (
This option is available for both
as defined above.
(OPTIONAL) For an IP Extended ACL, specifies the type of service (TOS) for
an IP ACL rule depending on a match of precedence or DSCP values using the
precedence
tos/tosmask
parameters
,
} [log] [assign-queue
queue-id
protocol_number
dstip dstmask
} [eq {
| dscp
dscp
] [log] [assign-queue
srcip
srcmask
and
matches every packet.
http
smtp
snmp
telnet
tftp
,
,
,
,
dstmask
is an inverse mask, as above).
any
dstip dstmask,
and
and the variables are
dscp
,
.
]
}
portkey
|
parameters to
srcip
srcmask
and
domain
,
www
, or
.
- Quick Links:
- Quick Starting the Switch
Hide quick links:
Advertisement
Table of Contents
