ProSAFE M7100 Managed Switches
access-list
This command creates an IP access control list (ACL) that is identified by the access list number,
which is 1-99 for standard ACLs or 100-199 for extended ACLs.
For extended ACLs, note the following limitations:
• Match-on-port ranges are not supported for egress ACLs.
• Match-on-fragments is not supported for egress ACLs.
• Rate limiting is not supported for egress ACLs.
IP Standard ACL:
Format
access-list <1-99> {deny | permit} {every | <srcip> <srcmask>} [log]
[rate-limit <1-4294967295> <1-128>][assign-queue <queue-id>]
[{mirror | redirect} <slot/port>]
Mode
Global Config
IP Extended ACL:
Format
access-list <100-199> {deny | permit} {every | {{<protocolkey> |
<0-255>} {<srcip> <srcmask> | any | host <srcip>} [{range {<portkey>
| <startport>} {<portkey> | <endport>}} | {eq | neq | lt | gt}
{<portkey> | <0-65535>}] {<dstip> <dstmask> | any | host <dstip>}
[{range {<portkey> | <startport>} {<portkey> | <endport>}} | {eq |
neq | lt | gt} {<portkey> | <0-65535>}] [flag [+fin | -fin] [+syn |
-syn] [+rst | -rst] [+psh | -psh] [+ack | -ack] [+urg | -urg]
[established]] [icmp-type <icmp-type> [icmp-code <icmp-code>] |
icmp-message <icmp-message>] [fragments] [precedence <precedence> |
tos <tos> [<tosmask>] | dscp <dscp>]}} [time-range
<time-range-name>] [log] [assign-queue <queue-id>] [{mirror |
redirect} <unit/slot/port>] [rate-limit <rate> <burst-size>]
Mode
Global Config
Parameter                Description
access list <1-99>       The access list number for an IP standard ACL. The range is from 1 to 99.
access list <100-199>    The access list number for an IP extended ACL. The range is from 100 to 199.
deny or permit           Specifies the action of the IP ACL rule:
                         • deny. The IP ACL rule denies the action.
                         • permit. The IP ACL rule permits the action.
every                    The IP ACL matches every packet.
protocolkey or number    Specifies either the supported protocol key or the protocol number of the protocol to filter for an extended IP ACL rule:
                         • protocolkey. The supported protocol key that you can enter is eigrp, gre, icmp, igmp, ip, ipinip, ospf, pim, tcp, or udp.
                         • number. Enter a number from 0 to 255.
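The number ranges, protocol keys and egress limitations listed above can be checked before a rule set is pushed to the switch. The following Python sketch is an added example, not NETGEAR code; the function name lint_acl_rule, the egress flag (how the caller knows an ACL will be applied on egress is outside this page) and the sample rules are assumptions constructed for illustration.

```python
# Protocol keys listed in the parameter table for extended IP ACL rules.
PROTOCOL_KEYS = {"eigrp", "gre", "icmp", "igmp", "ip", "ipinip",
                 "ospf", "pim", "tcp", "udp"}
# Keywords for features the page lists as unsupported in egress extended ACLs.
EGRESS_UNSUPPORTED = {"range": "match-on-port ranges",
                      "fragments": "match-on-fragments",
                      "rate-limit": "rate limiting"}


def lint_acl_rule(line, egress=False):
    """Return a list of problems found in one access-list command line.

    egress is a hypothetical flag set by the caller when the ACL is
    intended to be applied in the egress direction.
    """
    tokens = line.split()
    if len(tokens) < 3 or tokens[0] != "access-list":
        return ["not an access-list command"]
    if not tokens[1].isdigit():
        return ["ACL number is not numeric"]
    number = int(tokens[1])
    if not 1 <= number <= 199:
        return [f"ACL number {number} is outside 1-199"]
    problems = []
    if tokens[2] not in ("deny", "permit"):
        problems.append(f"action must be deny or permit, got {tokens[2]!r}")
    if number >= 100:  # 100-199 is the extended ACL range
        proto = tokens[3] if len(tokens) > 3 else ""
        if proto != "every":
            if proto.isdigit():
                if int(proto) > 255:
                    problems.append(f"protocol number {proto} is outside 0-255")
            elif proto not in PROTOCOL_KEYS:
                problems.append(f"unknown protocol key {proto!r}")
        if egress:
            for keyword, feature in EGRESS_UNSUPPORTED.items():
                if keyword in tokens[4:]:
                    problems.append(f"{feature} is not supported for egress ACLs")
    return problems


if __name__ == "__main__":
    # Constructed sample rules: (command line, intended for egress?)
    samples = [("access-list 10 permit every", False),
               ("access-list 110 permit tcp any any range 1024 2048", True),
               ("access-list 120 deny esp any any", False)]
    for rule, egress in samples:
        print(rule, "->", lint_acl_rule(rule, egress) or "ok")
```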
Quality of Service (QoS) Commands