Extreme Networks Summit 300-48 User Manual

114

Summit 300-48 Switch Software User Guide

Access Policies

create access-mask <access-mask name>
{dest-mac}
{source-mac}
{vlan }
{ethertype}
{tos | code-point}
{ipprotocol}
{dest-ip /<mask length>} {dest-L4port}
{source-ip /<mask length>}
{source-L4port | {icmp-type} {icmp-code}}
{permit-established}
{egressport}
{ports}
{precedence <number>}

Creates an access mask. The mask specifes
which packet fields to examine. Options include:

•

<acess-mask name>

— Specifies the

access mask name. The access mask name
can be between 1 and 31 characters.

•

dest-mac

— Specifies the destination MAC

address field.

•

source-mac

— Specifies the source MAC

address field.

•

vlan

— Specifies the VLANid field.

•

ethertype

— Specifies the Ethertype field.

•

tos

— Specifies the IP precedence field.

•

code-point

— Specifies the DiffServ code

point field.

•

ipprotocol

— Specifies the IP protocol

field.

•

dest-ip

— Specifies the IP destination field

and subnet mask. You must supply the
subnet mask.

•

dest-L4port

— Specifies the destination

port field.

•

source-ip

— Specifies the IP source

address field and subnet mask. You must
supply the subnet mask.

•

source-L4port

— Specifies the source

port field.

•

icmp-type

— Specify the ICMP type field.

•

icmp-code

— Specify the ICMP code field.

•

permit-established

— Specifies the TCP

SYN/ACK bit fields.

•

egressport

— Specify the egress port

•

ports

— Specifies the ingress port(s) on

which this rule is applied.

•

precedence

— Specifies the access mask

precedence number. The range is 1 to
25,600.

Table 39: Access Control List Configuration Commands (continued)

Command

Description