7 access-list(mac standard) – Accton Technology ES4626 User Manual

Page 760


0-255 of list No. of IP address. Use the keyword ‘ip’ to match all Internet protocols (including ICMP, TCP, and UDP).

source-host-ip: the number of the source network or source host sending the packet, a 32-bit number in dotted decimal notation.

host: means the address is the IP address of the source host; otherwise it is the IP address of a network.

source-wildcard: the reverse mask of the source IP, a 32-bit number in dotted decimal notation.

destination-host-ip: the number of the destination network or host to which packets are delivered, a 32-bit number in dotted decimal notation.

host: means the address is the destination host address; otherwise it is a network IP address.

destination-wildcard: the reverse mask of the destination, a 32-bit number in dotted decimal notation.

s-port (optional): the TCP/UDP source port must be matched.

port1 (optional): the value of the TCP/UDP source port number, an integer from 0-65535.

d-port (optional): the TCP/UDP destination port must be matched.

port3 (optional): the value of the TCP/UDP destination port number, an integer from 0-65535.

[ack] [fin] [psh] [rst] [urg] [syn] (optional): TCP only. More than one flag may be selected; a TCP packet forms a match when the corresponding flag bits are set in it, so the packets that initiate a TCP connection can be matched.

precedence (optional): packets can be filtered by priority, which is a number from 0-7.

tos (optional): packets can be filtered by service type, which is a number from 0-15.

icmp-type (optional): ICMP packets can be filtered by packet type, which is a number from 0-255.

icmp-code (optional): ICMP packets can be filtered by packet code, which is a number from 0-255.

igmp-type (optional): IGMP packets can be filtered by IGMP packet name or by packet type, which is a number from 0-255.

<time-range-name>: the name of a time range.

Command Mode: Global mode

Default Configuration:

No access-list is configured.

Usage Guide:

When the user specifies a particular <num> for the first time, the ACL with that number is created; the entries are then added to this ACL.

Examples:

Permit TCP packets with source MAC 00-12-34-45-XX-XX, any destination MAC address, source IP address 100.1.1.0 0.255.255.255, source port 100 and destination port 40000.

Switch(Config)#access-list 3199 permit 00-12-34-45-67-00 00-00-00-00-FF-FF any-destination-mac tcp 100.1.1.0 0.255.255.255 s-port 100 any-destination d-port 40000
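The reverse-mask matching described above, worked through for the example entry; this is an added illustration, not code from the manual or the switch. It assumes that bits set in a reverse mask are ignored (as the 00-12-34-45-XX-XX description implies); the function names and the sample frames in the test are constructed for this sketch.

```python
import ipaddress

def parse_mac(text):
    """Dash-separated MAC (the notation used on this page) -> 48-bit integer."""
    return int(text.replace("-", ""), 16)

def ip_int(text):
    """Dotted decimal IPv4 address -> 32-bit integer."""
    return int(ipaddress.IPv4Address(text))

def wildcard_match(value, base, wildcard):
    """Reverse-mask compare: bits set in `wildcard` are ignored (assumed semantics)."""
    return (value & ~wildcard) == (base & ~wildcard)

# Fields of the example entry above (access-list 3199 permit ...).
RULE = {
    "smac": parse_mac("00-12-34-45-67-00"),
    "smac_mask": parse_mac("00-00-00-00-FF-FF"),
    "sip": ip_int("100.1.1.0"),
    "sip_wild": ip_int("0.255.255.255"),
    "s_port": 100,
    "d_port": 40000,
}

def matches(rule, smac, sip, proto, s_port, d_port):
    """True if a frame hits the permit entry (destination MAC and IP are 'any')."""
    return (proto == "tcp"
            and wildcard_match(parse_mac(smac), rule["smac"], rule["smac_mask"])
            and wildcard_match(ip_int(sip), rule["sip"], rule["sip_wild"])
            and s_port == rule["s_port"]
            and d_port == rule["d_port"])

def ignored_bits(base, wildcard):
    """Audit check: bits set in the base address that the wildcard makes irrelevant."""
    return base & wildcard

def effective_ip_range(base, wildcard):
    """Lowest and highest address matched (valid for contiguous wildcards)."""
    low = base & ~wildcard & 0xFFFFFFFF
    return (str(ipaddress.IPv4Address(low)),
            str(ipaddress.IPv4Address(low | wildcard)))
```

For the entry above, `effective_ip_range` returns 100.0.0.0 to 100.255.255.255: the `1.1` in the base address falls under the wildcard and has no effect on matching, which `ignored_bits` reports as a non-zero value.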

18.2.2.7 access-list(mac standard)

Command: access-list <num> {deny|permit} {any-source-mac | {host-source-mac <host_smac>} | {<smac> <smac-mask>}}

no access-list <num>
