Niveo Professional NGSME16T2H User Manual

Page 222

Advertising
background image

Chapter 4: Feature Configuration - CLI
Featuring Configuration

– CLI

NGSME16T2H User Manual | 222

Example:

Security/Network/ACL>policy 1 2

Access Control List

Syntax:

Security Network ACL Add [<ace_id>] [<ace_id_next>] [(port
<port_list>)] [(policy <policy> <policy_bitmask>)]
[<tagged>] [<vid>] [<tag_prio>] [<dmac_type>] [(etype
[<etype>] [<smac>] [<dmac>]) |

(arp [<sip>] [<dip>] [<smac>] [<arp_opcode>] [<arp_flags>]) |

(ip [<sip>] [<dip>] [<protocol>] [<ip_flags>]) |

(icmp [<sip>] [<dip>] [<icmp_type>] [<icmp_code>]
[<ip_flags>]) |

(udp [<sip>] [<dip>] [<sport>] [<dport>] [<ip_flags>]) |

(tcp [<sip>] [<dip>] [<sport>] [<dport>] [<ip_flags>]
[<tcp_flags>])]

[permit|deny] [<rate_limiter>] [<port_redirect>] [<mirror>]
[<logging>][<shutdown>]

Parameters:

<ace_id> : ACE ID (1-256), default: Next available ID

<ace_id_next> : Next ACE ID (1-256), default: Add ACE last

port : Port ACE keyword

<port_list> : Port list or 'all', default: All ports

policy : Policy ACE keyword

<policy> : Policy number (0-255)

<policy_bitmask>: Policy number bitmask (0x0-0xFF)

<tagged> : Tagged of frames: any|enable|disable

<vid> : VLAN ID (1-4095) or 'any'

<tag_prio> : VLAN tag priority (0-7) or 'any'

<dmac_type> : DMAC type:
any|unicast|multicast|broadcast

etype : Ethernet Type keyword

<etype> : Ethernet Type: 0x600 - 0xFFFF or 'any' but
excluding 0x800(IPv4) 0x806(ARP) and 0x86DD(IPv6)

<smac> : Source MAC address ('xx-xx-xx-xx-xx-xx'
or 'xx.xx.xx.xx.xx.xx' or 'xxxxxxxxxxxx', x is a hexadecimal

Advertising
This manual is related to the following products: