D-Link DXS-3600 Series Reference Manual page 58
Dxs-3600 series layer 2/3 managed 10gigabit ethernet switch
Hide thumbs
Also See for DXS-3600 Series:
- Cli reference manual (1456 pages) ,
- Reference manual (680 pages) ,
- Hardware installation manual (55 pages)
Table of Contents
Advertisement
DXS-3600 Series Layer 3 Managed 10Gigabit Ethernet Switch CLI Reference Guide
ICMP-CODE
ICMP-MESSAGE
Default
None.
Command Mode
Extended Expert Access-list Configuration Mode.
Command Default Level
Level: 12.
Usage Guideline
If a rule entry is created without a sequence number, a sequence number will be automatically assigned.
If it is the first entry, the sequence number 10 is assigned. A subsequent rule entry will be assigned a
sequence number that is 10 greater than the largest sequence number in that access list and is placed at
the end of the list.
The user can use the command access-list sequence to change the start sequence number and
increment number for the specified access list. After the command is applied, the new rule without
specified sequence number will be assigned sequence based new sequence setting of the specified
access list.
When you manually assign the sequence number, it is better to have a reserved interval for future lower
sequence number entries. Otherwise, it will create extra effort to insert an entry with a lower sequence
number.
The sequence number must be unique in the domain of an access-list. If you enter a sequence number
that is already present, an error message will be shown.
Even if the fragment parameter of the tcp, udp and icmp parameters of the permit | deny (expert
access-list) command is removed, the user can still use the PROTOCOL option of the permit | deny
(expert access-list) command to configure the fragment parameter.
Example
This example shows how to use the extended expert ACL. The purpose is to deny all the TCP packets
with the source IP address 192.168.4.12 and the source MAC address 00:13:00:49:82:72.
Switch# configure terminal
Switch(config)# expert access-list extended exp_acl
Switch(config-exp-nacl)# deny tcp host 192.168.4.12 host 0013.0049.8272 any any
Switch(config-exp-nacl)# end
Switch# show access-lists
Extended Expert access list exp_acl(ID: 9999)
10 deny tcp host 192.168.4.12 host 0013.0049.8272 any any
Switch#
(Optional) Specifies the ICMP message code. The valid number for the
message code is from 0 to 255.
(Optional) Specifies the ICMP message. The following pre-defined
parameters are available for selection: beyond-scope, destination-
unreachable, echo-reply, echo-request, header, hop-limit, mld-query,
mld-reduction, mld-report, nd-na, nd-ns, next-header, no-admin, no-
route, packet-too-big, parameter-option, parameter-problem, port-
unreachable, reassembly-timeout, redirect, renum-command, renum-
result, renum-seq-number, router-advertisement, router-renumbering,
router-solicitation, time-exceeded, unreachable.
58
Advertisement
Table of Contents
