Add Accesslist Rule - Allied Telesis SwitchBlade x3100 Series Manual

Release 14.2 - issue 2

Configuring ACL

ADD ACCESSLIST RULE

Syntax
ADD ACCESSLIST=accesslistname
[ DEFAULTRULE { PERMIT | DENY } ]
[ IPSOURCE={ ipaddress | ANY } [ SOURCEMASK=mask ] ]
[ IPDEST={ ipaddress | ANY } [ DESTMASK=mask ] ]
[ MACSOURCE={ macaddress | ANY } ]
[ MACDEST={ macaddress | ANY } ]
[ APPLICATION={ DHCPSERVER | DHCPCLIENT | NETBIOS | FUM | TELNET | SSH | SNMP | FTP | TFTP } ]
[ TCPPORTDEST={ tcp-port-list | ANY } ]
[ TCPPORTSOURCE={ tcp-port | ANY } ]
[ UDPPORTDEST={ udp-port-list | ANY } ]
[ UDPPORTSOURCE={ udp-port | ANY } ]
[ PROTOCOL={ IPV4 | IPV6 | protocol-type | ANY } ]
[ IPPROTOCOL={ TCP | UDP | ICMP | IGMP | ipprotocol-type | ANY } ]
[ BEFORE=rulenumber ]
Description
Adds a RULE to an ACCESSLIST. An ACCESSLIST RULE has:
- A match rule, which is a set of fieldname/fieldvalue pairs that discriminate among packets. A packet matches this rule only if all of the specified fields have the values specified. A match rule with no fieldname/fieldvalue pairs specified would match all packets.
- The action that is to be performed if the incoming packet matches the RULE's match rule. The valid actions are PERMIT and DENY.
Options
The following table gives the range of values for each option that can be specified with this command and a default value (if applicable).

| Option | Description | Default Value |
|---|---|---|
| ACCESSLIST | The ACCESSLIST Name that already exists. | |
| RULE | PERMIT, DENY | DENY |
| match rule | Refer to Table 6-7. | |
| BEFORE | BEFORE can be used to place the new RULE before an existing rule in the ACCESSLIST. A RULE that is BEFORE another RULE in the list has higher precedence. | RULE placed BEFORE default rule. |

Example
ADD ACCESSLIST=iparpfilt IPSOURCE=ANY

Software Reference for SwitchBlade x3100 Series Switches (Access and Security), Introduction, page 6-41
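
The precedence behaviour described above, modelled in Python as an added example (not code from the manual or from Allied Telesis). It assumes first-match evaluation, 1-based rule numbers and exact-value field comparison; the list name mgmtfilt and the addresses are constructed. It shows how a specific PERMIT added without BEFORE is shadowed by an earlier, broader DENY.

```python
# Added illustration of the rule semantics described above; not Allied Telesis code.
# Assumptions: first matching rule wins, rule numbers are 1-based, and fields are
# compared for exact equality (SOURCEMASK/DESTMASK and port lists are not modelled).

class AccessList:
    def __init__(self, name, default_rule="DENY"):
        self.name = name
        self.default_rule = default_rule  # applied when no rule matches
        self.rules = []                   # highest precedence first

    def add_rule(self, action, before=None, **match):
        """Insert a rule; before=None places it just ahead of the default rule."""
        if action not in ("PERMIT", "DENY"):
            raise ValueError("action must be PERMIT or DENY")
        # A field set to ANY is a wildcard, so it adds no constraint.
        match = {k.upper(): v for k, v in match.items() if v != "ANY"}
        if before is None:
            self.rules.append((action, match))
        elif 1 <= before <= len(self.rules):
            self.rules.insert(before - 1, (action, match))
        else:
            raise ValueError("BEFORE must name an existing rule")

    def evaluate(self, packet):
        """Action of the first rule whose fields ALL match, else the default."""
        for action, match in self.rules:
            if all(packet.get(field) == value for field, value in match.items()):
                return action
        return self.default_rule

    def shadowed(self):
        """Rule numbers that can never fire: an earlier rule's match is a
        subset of theirs, so the earlier rule catches every such packet."""
        return [i + 1 for i, (_, later) in enumerate(self.rules)
                if any(early.items() <= later.items() for _, early in self.rules[:i])]

# Constructed sample: Telnet (TCP/23) from one admin host, 192.0.2.10.
TELNET = {"ipprotocol": "TCP", "tcpportdest": 23}
ADMIN_PKT = {"IPSOURCE": "192.0.2.10", "IPPROTOCOL": "TCP", "TCPPORTDEST": 23}

def build(permit_before=None):
    acl = AccessList("mgmtfilt")  # hypothetical list name
    acl.add_rule("DENY", **TELNET)
    acl.add_rule("PERMIT", before=permit_before, ipsource="192.0.2.10", **TELNET)
    return acl

if __name__ == "__main__":
    for before in (None, 1):
        acl = build(before)
        print(before, acl.evaluate(ADMIN_PKT), acl.shadowed())
```

Running a check like shadowed() against a planned rule order before entering the commands catches rules that need BEFORE to take effect.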
