Asus GigaX2024SX User Manual

packet entering the port(s) to which this ACL has been assigned.

Example
This example configures one permit rule for the specific address 10.1.1.21 and
another rule for the address range 168.92.16.x – 168.92.31.x using a bitmask.

Related Commands
access-list ip (4-121)

his command adds a rule to an Extended IP ACL. The rule sets a filter condition

ets with specific source or destination IP addresses, protocol types,

control codes. Use the no form to

re
S

eny} [protocol-number | udp]

{a

dress-bitmask | host source}

address-bitmask | host destination}

[p

e] [tos tos] [dscp dscp]

rt [end]] [destination-port start [end]]

urce address-bitmask | host source}

any

ask | host destination}

[precedence precedence] [tos tos] [dscp dscp]

t [end]]

• protocol-number – A specific protocol number. (Range: 0-255)

estination IP address.

ress-bitmask – Decimal number representing the address bits to match.

followed by a specific IP address.

ype of Service level. (Range: 0-15)

• dscp – DSCP priority level. (Range: 0-63)
• start – Port number or the lower bound of its range (Range: 0-65535)
• end – Upper bound of the source port range. (Range: 0-65535)
• control-flags – Decimal number (representing a bit string) that specifies flag
bits in byte 14 of the TCP header. (Range: 0-63)
• flag-bitmask – Decimal number representing the code bits to match.
(Range: 0-63)

Default Setting
None
Command Mode
Extended ACL
Command Usage

permit, deny (Extended ACL)
T
for pack
source or destination protocol ports, or TCP

move a rule.

yntax

[no] {permit | d

ny | source ad

{any | destination

recedence precedenc

[source-port spo
[no] {permit | deny} tcp
{any | so

| destination address-bitm

{

[source-port start [end]] [destination-port star
[control-flag control-flags flag-bitmask]

• source – Source IP address.
• destination – D
• add
• host – Keyword
• precedence – IP precedence level. (Range: 0-7)
• tos – T

4-93