1 access-list, Access-list - 24, Quality of service (qos) commands at8402 – Kontron AT8402 CLI User Manual


Quality of Service (QoS) Commands

AT8402

AT8402 CLI Reference Manual


The maximum number of rules per IP ACL is hardware dependent.

If you configure a MAC ACL on an interface, you cannot configure an IP ACL on
the same interface.

Wildcard masking for ACLs operates differently from a subnet mask. A wildcard
mask is in essence the inverse of a subnet mask. With a subnet mask, the mask has
ones (1's) in the bit positions that are used for the network address, and has zeros
(0's) for the bit positions that are not used. In contrast, a wildcard mask has zeros
(0's) in the bit positions that must be checked. A one (1) in a bit position of the
ACL mask indicates that the corresponding bit can be ignored.
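The following is an added example, not part of the Kontron manual: it applies the wildcard rule described above bit by bit and shows what happens when a subnet mask is entered where the wildcard mask belongs. The rule address, packet addresses and function names are constructed for illustration.

```python
import ipaddress

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def wildcard_from_netmask(netmask):
    # Bitwise inverse: network bits (1 in the netmask) become "must check" (0).
    return str(ipaddress.IPv4Address(to_int(netmask) ^ 0xFFFFFFFF))

def acl_match(packet_ip, rule_ip, wildcard):
    # Compare only the bit positions where the wildcard holds a 0.
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(packet_ip) & care) == (to_int(rule_ip) & care)

def addresses_covered(wildcard):
    # Each ignored bit (1 in the wildcard) doubles the number of matching addresses.
    return 2 ** bin(to_int(wildcard)).count("1")

# Constructed sample rule: intended to match the subnet 10.1.2.0/24.
RULE_IP = "10.1.2.0"
CORRECT = wildcard_from_netmask("255.255.255.0")  # "0.0.0.255"
MISTAKE = "255.255.255.0"                         # subnet mask typed as the wildcard

def audit(packets):
    # Per source address: (match with correct wildcard, match with mistaken one).
    return {p: (acl_match(p, RULE_IP, CORRECT), acl_match(p, RULE_IP, MISTAKE))
            for p in packets}

if __name__ == "__main__":
    # Constructed packet source addresses.
    for ip, (ok, bad) in audit(["10.1.2.77", "10.9.9.9", "192.168.50.0"]).items():
        print(f"{ip:15} correct={ok!s:5} mistaken={bad}")
    print("addresses covered:", addresses_covered(CORRECT), "vs", addresses_covered(MISTAKE))
```

With the mistaken mask the rule no longer matches hosts inside 10.1.2.0/24 and instead matches any address whose last octet is 0, so a permit rule written this way admits traffic from unrelated networks while blocking the intended one.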

3.8.1 access-list

This command creates an IP Access Control List (ACL) that is identified by the
access list number, which is 1-99 for standard ACLs or 100-199 for extended ACLs.
Table 4.2 describes the parameters for the access-list command.

IP Standard ACL:
Format

access-list <1-99> {deny | permit} {every | <srcip> <srcmask>}
[log] [assign-queue <queue-id>]

Mode

Global Config

IP Extended ACL:
Format

access-list <100-199> {deny | permit} {every | icmp | igmp
| ip | tcp | udp | <number>} {any | <srcip> <srcmask>}
{any | eq {<portkey> | <0-65535>} | <dstip> <dstmask>}
[eq {<portkey> | <0-65535>}] [{precedence <precedence> |
tos <tos> <tosmask> | dscp <dscp>}] [log] [assign-queue
<queue-id>]

Mode

Global Config

Table 4.2. ACL Command Parameters

Parameter                        Description

<1-99> or <100-199>              Range 1 to 99 is the access list number
                                 for an IP standard ACL. Range 100 to 199
                                 is the access list number for an IP
                                 extended ACL.

{deny | permit}                  Specifies whether the IP ACL rule permits
                                 or denies an action.
                                 Note: Assign-queue attributes are
                                 configurable for a deny rule, but they
                                 have no operational effect.

every                            Match every packet.

{icmp | igmp | ip | tcp | udp |  Specifies the protocol to filter for an
<number>}                        extended IP ACL rule.

<srcip> <srcmask>                Specifies a source IP address and source
                                 netmask for the match condition of the IP
                                 ACL rule.
