6 access-list(mac-ip extended) – Accton Technology ES4626 User Manual


<num> is the access-list number, a decimal number from 1100-1199;

deny: if the rules match, deny access; permit: if the rules match, permit access;

<any-source-mac>: any source address; <any-destination-mac>: any destination address;

<host_smac>, <sumac>: source MAC address; <sumac-mask>: mask (reverse mask) of the source MAC address;

<host_dmac>, <dmac>: destination MAC address; <dmac-mask>: mask (reverse mask) of the destination MAC address;

untagged-eth2: format of untagged Ethernet II packet; tagged-eth2: format of tagged Ethernet II packet; untagged-802-3: format of untagged Ethernet 802.3 packet; tagged-802-3: format of tagged Ethernet 802.3 packet;

Offset(x): the offset from the packet head; the range is 12-79. The windows must start after the source MAC and cannot overlap each other, that is to say, Offset(x+1) must be greater than Offset(x)+len(x);

Length(x): the length is 1-4, and Offset(x)+Length(x) must be no greater than 80 (currently it must be no greater than 64);

Value(x): hex expression. Value range: when Length(x)=1, it is 0-ff; when Length(x)=2, it is 0-ffff; when Length(x)=3, it is 0-ffffff; when Length(x)=4, it is 0-ffffffff;

For Offset(x), different types of data frames have different value ranges:

for untagged-eth2 type frame: <12~52>

for untagged-802.2 type frame: <12~60>

for untagged-eth2 type frame: <12~56>

for untagged-eth2 type frame: <12~64>

Command Mode: Global mode

Default Configuration: No access-list configured

Usage Guide: When the user assigns a specific <num> for the first time, the ACL with that serial number is created; the lists are then added to this ACL.

Examples: Permit tagged-eth2 packets with any source MAC address and any destination MAC address whose 15th and 16th bytes are 0x08, 0x0 to pass, and

Switch(Config)#access-list 1100 permit any-source-mac any-destination-mac tagged-eth2 14 2 0800
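
The window rules above (offset 12-79, length 1-4, Offset(x)+Length(x) at most 64, non-overlapping windows, value sized to the length) can be checked offline before a rule is entered on the switch. The Python below is an added example, not part of the manual or the switch software; the function names are hypothetical, one input line is constructed, and the per-frame-type offset ranges are not enforced.

```python
import re

MIN_OFFSET, MAX_OFFSET = 12, 79  # offset range given in the manual
MAX_END = 64                     # manual: Offset(x)+Length(x) currently at most 64
FRAME_RE = re.compile(r"\b(?:un)?tagged-(?:eth2|802-3)\s+(.*)$")

def parse_windows(tokens):
    """Group 'offset length value' tokens into (int, int, str) triples."""
    if not tokens or len(tokens) % 3:
        raise ValueError("windows must be offset/length/value triples")
    return [(int(tokens[i]), int(tokens[i + 1]), tokens[i + 2])
            for i in range(0, len(tokens), 3)]

def check_windows(windows):
    """Return the list of rule violations; empty means the windows are valid."""
    errors, prev_end = [], None
    for n, (offset, length, value) in enumerate(windows, start=1):
        if not MIN_OFFSET <= offset <= MAX_OFFSET:
            errors.append(f"window {n}: offset {offset} outside 12-79")
        if not 1 <= length <= 4:
            errors.append(f"window {n}: length {length} outside 1-4")
        elif not re.fullmatch(r"[0-9a-fA-F]+", value) or int(value, 16) >= 1 << (8 * length):
            errors.append(f"window {n}: value {value} does not fit {length} byte(s)")
        if offset + length > MAX_END:
            errors.append(f"window {n}: offset+length {offset + length} exceeds {MAX_END}")
        # Literal reading of the manual: Offset(x+1) > Offset(x)+len(x).
        if prev_end is not None and offset <= prev_end:
            errors.append(f"window {n}: overlaps or touches window {n - 1}")
        prev_end = offset + length
    return errors

def check_rule(line):
    """Validate the windows that follow the frame-type keyword of one ACL line."""
    m = FRAME_RE.search(line.strip())
    if not m:
        return ["no frame-type keyword found"]
    try:
        return check_windows(parse_windows(m.group(1).split()))
    except ValueError as exc:
        return [str(exc)]

if __name__ == "__main__":
    manual = ("Switch(Config)#access-list 1100 permit any-source-mac "
              "any-destination-mac tagged-eth2 14 2 0800")  # line from the manual
    constructed = ("access-list 1100 deny any-source-mac any-destination-mac "
                   "tagged-eth2 62 4 0a000001")  # constructed: ends past byte 64
    for line in (manual, constructed):
        print(line, "->", check_rule(line) or "OK")
```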

18.2.2.6 access-list(mac-ip extended)

Command: access-list <num> {deny|permit} {any-source-mac | {host-source-mac <host_smac>} | {<smac> <smac-mask>}} {any-destination-mac | {host-destination-mac <host_dmac>} | {<dmac> <dmac-mask>}} icmp {{<source> <source-wildcard>} | any | {host <source-host-ip>}} {{<destination> <destination-wildcard>} | any-destination | {host-destination <destination-host-ip>}} [<icmp-type> [<icmp-code>]] [precedence <precedence>] [tos <tos>] [time-range <time-range-name>]
