{deny | permit} (IP ACL) - NETGEAR M6100 Series Reference Manual

{deny | permit} (IP ACL)

This command creates a new rule for the current IP access list. Each rule is appended to the
list of configured rules for the list. A rule may either deny or permit traffic according to the
specified classification fields. At a minimum, either the every keyword or the protocol, source
address, and destination address values must be specified. The source and destination IP
address fields may be specified using the keyword any to indicate a match on any value in
that field. The remaining command parameters are all optional, but the most frequently used
parameters appear in the same relative order as shown in the command format.
Format
{deny | permit} {every | {{eigrp | gre | icmp | igmp | ip | ipinip | ospf |
pim | tcp | udp | 0-255} {srcip srcmask | any | host srcip} [{range {portkey
| startport} {portkey | endport} | {eq | neq | lt | gt} {portkey | 0-65535}]
{dstip dstmask | any | host dstip} [{range {portkey | startport} {portkey |
endport} | {eq | neq | lt | gt} {portkey | 0-65535} ] [flag [+fin | -fin]
[+syn | -syn] [+rst | -rst] [+psh | -psh] [+ack | -ack] [+urg | -urg]
[established]] [icmp-type icmp-type [icmp-code icmp-code] | icmp-message
icmp-message] [igmp-type igmp-type] [fragments] [precedence precedence | tos
tos [tosmask] | dscp dscp]}} [time-range time-range-name] [log] [assign-queue
queue-id] [{mirror | redirect} unit/slot/port] [rate-limit rate burst-size]
Mode
Ipv4-Access-List Config
Note:
The no form of this command is not supported, since the rules within
an IP ACL cannot be deleted individually. Rather, the entire IP ACL
must be deleted and respecified.
Note:
An implicit deny all IP rule always terminates the access list.
Note:
The mirror parameter allows the traffic matching this rule to be
copied to the specified unit/slot/port, while the redirect
parameter allows the traffic matching this rule to be forwarded to the
specified unit/slot/port. The assign-queue and redirect
parameters are only valid for a permit rule.
For IPv4, egress ACLs do not support a match on port ranges or the rate-limit parameter.
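To make the evaluation semantics described above concrete (rules are checked in the order they were appended, the first matching rule decides, and the implicit deny all rule ends the list), here is an added Python simulator. It is not NETGEAR code and is not part of the manual. It parses only the subset of the syntax shown in the Format block: protocol, {srcip srcmask | any | host srcip} with an optional eq/neq/lt/gt/range port match, and the same for the destination, plus the every keyword. It assumes srcmask/dstmask are wildcard masks (set bits are don't-care) and accepts numeric ports only (no portkey names); the rule list, addresses and packets are constructed samples.

```python
"""First-match simulation of an IPv4 ACL written in the manual's {deny | permit}
syntax. Added example, not NETGEAR code. Assumptions: srcmask/dstmask are
wildcard masks (1 bits = don't care); numeric ports only; subset of syntax."""
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

PROTO_NUMS = {"icmp": 1, "igmp": 2, "ipinip": 4, "tcp": 6, "udp": 17,
              "gre": 47, "eigrp": 88, "ospf": 89, "pim": 103}
ANY_ADDR = (0, 0xFFFFFFFF)          # (base address, wildcard mask) matching everything


@dataclass
class Rule:
    action: str                     # "permit" or "deny"
    proto: Optional[int]            # None matches every IP protocol ("ip" or "every")
    src: Tuple[int, int]            # (base, wildcard)
    sport: Optional[tuple]          # ("eq", n) / ("range", lo, hi) / None
    dst: Tuple[int, int]
    dport: Optional[tuple]
    text: str                       # original rule line, for reporting


def _addr(tokens, i):
    """Parse {srcip srcmask | any | host srcip} starting at tokens[i]."""
    if tokens[i] == "any":
        return ANY_ADDR, i + 1
    if tokens[i] == "host":
        return (int(ipaddress.IPv4Address(tokens[i + 1])), 0), i + 2
    base = int(ipaddress.IPv4Address(tokens[i]))
    wild = int(ipaddress.IPv4Address(tokens[i + 1]))   # assumed wildcard mask
    return (base, wild), i + 2


def _port(tokens, i):
    """Parse an optional {eq | neq | lt | gt} port or range lo hi."""
    if i < len(tokens) and tokens[i] in ("eq", "neq", "lt", "gt"):
        return (tokens[i], int(tokens[i + 1])), i + 2
    if i < len(tokens) and tokens[i] == "range":
        return ("range", int(tokens[i + 1]), int(tokens[i + 2])), i + 3
    return None, i


def parse_rule(line: str) -> Rule:
    t = line.split()
    if t[0] not in ("permit", "deny"):
        raise ValueError("rule must start with permit or deny: " + line)
    if t[1] == "every":
        return Rule(t[0], None, ANY_ADDR, None, ANY_ADDR, None, line)
    proto = None if t[1] == "ip" else (int(t[1]) if t[1].isdigit() else PROTO_NUMS[t[1]])
    src, i = _addr(t, 2)
    sport, i = _port(t, i)
    dst, i = _addr(t, i)
    dport, i = _port(t, i)
    return Rule(t[0], proto, src, sport, dst, dport, line)


def _addr_match(spec, ip: str) -> bool:
    base, wild = spec
    return (int(ipaddress.IPv4Address(ip)) | wild) == (base | wild)


def _port_match(spec, port) -> bool:
    if spec is None:
        return True
    if port is None:                # rule wants a port, packet has none (e.g. ICMP)
        return False
    if spec[0] == "range":
        return spec[1] <= port <= spec[2]
    value = spec[1]
    return {"eq": port == value, "neq": port != value,
            "lt": port < value, "gt": port > value}[spec[0]]


def evaluate(rules, proto: int, src: str, dst: str, sport=None, dport=None):
    """Return (action, matching rule text). Rules are tried in the order appended;
    the implicit 'deny all' terminates the list when nothing matched."""
    for rule in rules:
        if rule.proto is not None and rule.proto != proto:
            continue
        if not (_addr_match(rule.src, src) and _addr_match(rule.dst, dst)):
            continue
        if not (_port_match(rule.sport, sport) and _port_match(rule.dport, dport)):
            continue
        return rule.action, rule.text
    return "deny", "implicit deny all"


# Constructed sample list (made-up addresses): block Telnet to one server first,
# then allow HTTPS, DNS and ICMP from the 10.1.1.0/24 client subnet.
SAMPLE_ACL = [parse_rule(line) for line in [
    "deny tcp any host 10.2.2.10 eq 23",
    "permit tcp 10.1.1.0 0.0.0.255 any eq 443",
    "permit udp 10.1.1.0 0.0.0.255 any eq 53",
    "permit icmp 10.1.1.0 0.0.0.255 any",
]]

if __name__ == "__main__":
    for pkt in [(6, "10.1.1.5", "10.2.2.10", 51000, 23),
                (6, "10.1.1.5", "10.2.2.10", 51001, 443),
                (6, "10.1.1.5", "10.2.2.10", 51002, 22),
                (1, "10.9.9.9", "10.1.1.1", None, None)]:
        print(pkt, "->", evaluate(SAMPLE_ACL, *pkt))
```

Because the no form is not supported and an IP ACL can only be corrected by deleting and re-entering the whole list, checking the intended rule order against representative packets before applying the ACL to an interface is worthwhile; note in particular that appending "permit every" as the last rule replaces the implicit deny all for everything the earlier rules did not already deny.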
The time-range parameter imposes a time limitation on the IP ACL rule as defined by
the specified time range. If a time range with the specified name does not exist and the ACL
containing this ACL rule is applied to an interface or bound to a VLAN, then the ACL rule is
applied immediately. If a time range with specified name exists and the ACL containing this
M6100 Series Switches
Quality of Service Commands
1038