Policy commands – Lucent Technologies Cajun Switch P220 User Manual
Page 35
Cajun P220, P550, P550R Switch Release Notes, Release 4.0.1
35
Policy Commands
Table 1-12 shows new and changed Policy Commands in Release 4.0.1:
Table 1-12: Policy Commands
Old Command
New Command
New Definition/Argument
To Enable:
ip access-group
<access-list-name>
[default-action-deny]
To Disable:
[no] ip access-group
N/A
There is no default.
To Enable:
ip access-list
<access-list-name>
<access-list-index>
{permit|deny|fwd[1-8]}
{<source-ip-addr>
[<source-wildcard>]
|any|host <source-ip-
addr>}
To Enable:
[ip] access-list
<access-list-name>
<access-list-index>
{permit|deny|fwd1-8}
<protocol-id>{<source-
ip-addr> <source-
wildcard>|any|host
<source-ip-addr> }
[{lt|eq|gt|range}
<port> [<port>]]
{<dest-ip-addr> <dest-
wildcard> | any | host
<dest-ip-addr> }
[{lt|eq|gt|range}
<port> [<port>]]
[established]
• <protocol-id> – name or
number of an IP protocol. It can be
one of the keywords eigrp, gre,
icmp, igmp, igrp, ip, ipinip, nos,
ospf, tcp, or udp, or an integer in
the range 0 to 255 representing an
IP protocol number. To match any
Internet protocol (including ICMP,
TCP, and UDP) use the keyword
ip.
• <dest-ip-addr> – number of
the network or host to which the
packet is being sent. Use a 32-bit
quantity in four-part, dotted-
decimal format. Use the keyword
any as an abbreviation for a dest
and dest -wildcard of 0.0.0.0 and
255.255.255.255. Use "host <dest-
ip-addr>" as an abbreviation for a
destination with dest-wildcard of
0.0.0.0.
To Disable:
[no] ip access-list
<access-list-name>
[<access-list-index>]
To Disable:
N/A
• <dest-wildcard> – wildcard
bits to be applied to the
destination. Use a 32-bit quantity
in four-part, dotted-decimal
format. Place ones in the bit
positions you want to ignore.
• operator – (Optional) Compares
source or destination ports.
Possible operands include: lt = less
than, gt =greater than, eq=equal,
neq =not equal, and range
=inclusive range.
If the operator is positioned after the
source and source-wildcard, it must
match the source port.
If the operator is positioned after the
destination and destination-wildcard,
it must match the destination port.