1 no access-list, 2 ip access-list, Ip access-list - 31 – Kontron AT8404 CLI User Manual

AT8404

Quality of Service (QoS) Commands

Page 3 - 31

AT8404 CLI Reference Manual

3.8.1.1

no access-list

This command deletes an IP ACL that is identified by the parameter <accesslistnumber> from the system. The
range for <accesslistnumber> 1-99 for standard access lists and 100-199 for extended access lists.

3.8.2

ip access-list

This command creates an extended IP Access Control List (ACL) identified by <name>, consisting of classification
fields defined for the IP header of an IPv4 frame. The <name> parameter is a case-sensitive alphanumeric string
from 1 to 31 characters uniquely identifying the IP access list.

If an IP ACL by this name already exists, this command enters IPv4-Access_List config mode to allow updating the
existing IP ACL.

Table 2: ACL Command Parameters

Parameter

Description

<1-99> or <100-199>

Range 1 to 99 is the access list number for an IP standard ACL. Range

100 to 199 is the access list number for an IP extended ACL.

{deny | permit}

Specifies whether the IP ACL rule permits or denies an action.

Note: For 5630x and 5650x-based systems, assign-queue, redirect,

and mirror attributes are configurable for a deny rule, but they have

no operational effect.

every

Match every packet

{icmp | igmp | ip | tcp | udp |
<number>}

Specifies the protocol to filter for an extended IP ACL rule.

<srcip> <srcmask>

Specifies a source IP address and source netmask for match condition

of the IP ACL rule.

[{eq {<portkey> |
<0-65535>}]

Specifies the source layer 4 port match condition for the IP ACL rule.

You can use the port number, which ranges from 0-65535, or you

specify the <portkey>, which can be one of the following keywords:

domain, echo, ftp, ftpdata, http, smtp, snmp,

telnet, tftp, and www. Each of these keywords translates into its

equivalent port number, which is used as both the start and end of a

port range.

<dstip> <dstmask>

Specifies a destination IP address and netmask for match condition of

the IP ACL rule.

[precedence <precedence> | tos
<tos> <tosmask> | dscp <dscp>]

Specifies the TOS for an IP ACL rule depending on a match of

precedence or DSCP values using the parameters dscp,

precedence, tos/tosmask.

[log]

Specifies that this rule is to be logged.

[assign-queue <queue-id>]

Specifies the assign-queue, which is the queue identifier to which

packets matching this rule are assigned.

[{mirror | redirect} <slot/
port>]

For Broadcom 5650x platforms, specifies the mirror or redirect

interface which is the slot/port to which packets matching this rule are

copied or forwarded, respectively. The mirror and redirect

parameters are not available on the Broadcom 5630x platform.

Format

no access-list <accesslistnumber>

Mode

Global Config

Note: The CLI mode changes to IPv4-Access-List Config mode when you successfully execute this
command.