8 permit | deny(extended) – Accton Technology ES4710BD User Manual


ES4710BD 10 Slots L2/L3/L4 Chassis Switch

Command: ip access-group [<num>|<acl-name> { in|out }

no ip access-group <name> { in|out }

Function: Applies an access list to the incoming direction on the port; the “no ip access-group <name> {in|out}” command deletes the access list bound to the port.

Parameter: <name> is the name for access list; the character string length is 1 – 8.
Command mode: Physical Interface Mode
Default: No ACL is bound by default.
Usage Guide: Only one access rule can be bound to a port; application of an access list on the outgoing direction is not supported yet.

Example: Binding access list “aaa” to the incoming direction of the port.
Switch(Config-Ethernet1/1)#ip access-group aaa in

12.2.2.8 permit | deny(extended)

Command: [no] {deny | permit} icmp {{<sIpAddr> <sMask>} | any-source | {host-source <sIpAddr>}} {{<dIpAddr> <dMask>} | any-destination | {host-destination <dIpAddr>}} [<icmp-type> [<icmp-code>]] [precedence <prec>] [tos <tos>]

[no] {deny | permit} igmp {{<sIpAddr> <sMask>} | any-source | {host-source <sIpAddr>}} {{<dIpAddr> <dMask>} | any-destination | {host-destination <dIpAddr>}} [<igmp-type>] [precedence <prec>] [tos <tos>]

[no] {deny | permit} tcp {{<sIpAddr> <sMask>} | any-source | {host-source <sIpAddr>}} [s-port <sPort>] {{<dIpAddr> <dMask>} | any-destination | {host-destination <dIpAddr>}} [d-port <dPort>] [ack | fin | psh | rst | syn | urg] [precedence <prec>] [tos <tos>]

[no] {deny | permit} udp {{<sIpAddr> <sMask>} | any-source | {host-source <sIpAddr>}} [s-port <sPort>] {{<dIpAddr> <dMask>} | any-destination | {host-destination <dIpAddr>}} [d-port <dPort>] [precedence <prec>] [tos <tos>]

[no] {deny | permit} {eigrp | gre | igrp | ipinip | ip | <int>} {{<sIpAddr> <sMask>} | any-source | {host-source <sIpAddr>}} {{<dIpAddr> <dMask>} | any-destination | {host-destination <dIpAddr>}} [precedence <prec>] [tos <tos>]

Function: Creates or deletes a name-based extended IP access rule for a specified IP protocol or all IP protocols.

Parameters: <sIpAddr> is the source IP address in decimal format; <sMask> is the mask complement of the source IP in decimal format; <dIpAddr> is the destination IP address in decimal format; <dMask> is the mask complement of the destination IP in decimal format, 0 for a significant bit and 1 for an ignored bit; <igmp-type> is the IGMP type from 0 to 255; <icmp-type> is the ICMP type from 1 to 255; <icmp-code> is the ICMP protocol number from 0 to 255; <prec> is the IP priority from 0 – 7; <tos> is the tos value from 0 – 15; <sPort> is the source port number from 0 – 65535; <dPort> is the destination port number from 0 – 65535.

Command Mode: name-based extended IP ACL configuration mode

Default: No IP address is configured by default.

Example: Creating an extended IP access list named “udpFlow”, denying IGMP packets and allowing UDP packets destined for 192.168.0.1, port 32.
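The mask complement described under Parameters (0 for a significant bit, 1 for an ignored bit) is easy to confuse with a subnet mask when writing <sMask> or <dMask>. The following Python sketch is an added illustration, not part of the manual or the switch software; the function names and sample addresses are constructed for this example.

```python
import ipaddress

FULL = 0xFFFFFFFF  # all 32 bits set


def _u32(dotted):
    """Dotted-decimal IPv4 string -> unsigned 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))


def complement_match(addr, rule_addr, mask_complement):
    """True if addr matches '<rule_addr> <mask_complement>'.

    Bits that are 0 in the complement are significant and must be equal;
    bits that are 1 are ignored.
    """
    significant = ~_u32(mask_complement) & FULL
    return ((_u32(addr) ^ _u32(rule_addr)) & significant) == 0


def netmask_to_complement(netmask):
    """Convert a subnet mask (255.255.255.0) to its complement (0.0.0.255)."""
    return str(ipaddress.IPv4Address(_u32(netmask) ^ FULL))


def looks_like_netmask(mask):
    """Audit heuristic: the value has contiguous leading 1 bits, so it was
    probably typed as a subnet mask where a complement is expected.
    0.0.0.0 and 255.255.255.255 are excluded; both are valid complements."""
    m = _u32(mask)
    inv = m ^ FULL
    return m not in (0, FULL) and (inv & (inv + 1)) == 0


if __name__ == "__main__":
    # Constructed sample: the rule author intends to cover 192.168.0.0/24.
    for mask in ("0.0.0.255", "255.255.255.0"):
        print("mask", mask, "flagged as netmask:", looks_like_netmask(mask))
        for host in ("192.168.0.77", "192.168.1.77", "10.20.30.0"):
            hit = complement_match(host, "192.168.0.0", mask)
            print("  ", host, "matches" if hit else "does not match")
    print("correct complement:", netmask_to_complement("255.255.255.0"))
```

With the subnet mask entered by mistake, the rule stops matching 192.168.0.77 and instead matches any address whose last octet is 0, such as 10.20.30.0.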
