Table of Contents
Advertisement
<sMask>} | any-source | {host-source <sIpAddr>}} {{<dIpAddr> <dMask>} |
any-destination
|
<tos>][time-range<time-range-name>]
Functions: Create a name extended IP access rule to match specific IP protocol or all IP
protocol;
Parameters: <sIpAddr> is the source IP address, the format is dotted decimal notation;
<sMask > is the reverse mask of source IP, the format is dotted decimal notation;
<dIpAddr> is the destination IP address, the format is dotted decimal notation; <dMask>
is the reverse mask of destination IP, the format is dotted decimal notation, attentive
position o, ignored position 1; <igmp-type>, the type of igmp, 0-15; <icmp-type>, the
type of icmp, 0-255 ; <icmp-code>, protocol No. of icmp, 0-255; <prec>, IP priority, 0-7;
<tos>, to value, 0-15; <sPort>, source port No., 0-65535; <sPortMin>, the down
boundary of source port; <sPortMax>, the up boundary of source port; <dPort>,
destination port No. 0-65535; <dPortMin>, the down boundary of destination
port;<dPortMax>, the up boundary of destination port; <time-range-name>, time range
name.
Command Mode: Name extended IP access-list configuration mode
Default: No access-list configured
Examples: Create the extended access-list, deny icmp packet to pass, and permit udp
packet with destination address 192. 168. 0. 1 and destination port 32 to pass.
Switch(Config)# access-list ip extended udpFlow
Switch(Config-Ext-Nacl-udpFlow)# deny igmp any any-destination
Switch(Config-Ext-Nacl-udpFlow)# permit udp any host-destination 192.168.0.1 d-port 32
22.2.2.11 permit | deny(ip standard)
Command:{deny | permit} {{<sIpAddr> <sMask>} | any | {host <sIpAddr>}}
no {deny | permit} {{<sIpAddr> <sMask>} | any | {host<sIpAddr>}}
Functions: Create a name standard IP access rule, and 'no {deny | permit}
{{<sIpAddr> <sMask>} | any | {host <sIpAddr>}}' action of this command deletes this
name standard IP access rule.
Parameters: <sIpAddr> is the source IP address, the format is dotted decimal notation;
<sMask > is the reverse mask of source IP, the format is dotted decimal notation;
Command Mode: Name standard IP access-list configuration mode
Default: No access-list configured
Usage Guide:
Example: Permit packets with source address 10.1.1.0/24 to pass, and deny other
packets with source address 10.1.1.0/16.
Switch(Config)# access-list ip standard ipFlow
{host-destination
<dIpAddr>}}
[precedence
807
<prec>]
[tos
- Quick Links:
- Management Via Http
- Cli Interface
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
