PLANET WGSW-50040 User Manual
Page 177
24-6
Global Mode
access-list <num> {deny | permit} {{<sIpAddr>
<sMask>} | any-source | {host-source <sIpAddr>}}
no access-list <num>
Creates a numbered standard IP
access-list, if the access-list
already exists, then a rule will
add to the current access-list;
the “no access-list
<num>“ command deletes a
numbered standard IP
access-list.
(2) Configuring a numbered extensive IP access-list
Command
Explanation
Global Mode
access-list <num> {deny | permit} icmp {{<sIpAddr>
<sMask>} | any-source | {host-source <sIpAddr>}}
{{<dIpAddr> <dMask>} | any-destination |
{host-destination <dIpAddr>}} [<icmp-type>
[<icmp-code>]] [precedence <prec>] [tos
<tos>][time-range<time-range-name>]
Creates a numbered ICMP
extended IP access rule; if the
numbered extended access-list of
specified number does not exist,
then an access-list will be created
using this number.
a access-list <num> {deny | permit} igmp
{{<sIpAddr> <sMask>} | any-source | {host-source
<sIpAddr>}} {{<dIpAddr> <dMask>} | any-destination
| {host-destination <dIpAddr>}} [<igmp-type>]
[precedence <prec>] [tos
<tos>][time-range<time-range-name>]
Creates a numbered IGMP
extended IP access rule; if the
numbered extended access-list of
specified number does not exist,
then an access-list will be created
using this number.
access-list <num> {deny | permit} tcp {{<sIpAddr>
<sMask>} | any-source | {host-source <sIpAddr>}}
[s-port { <sPort> | range <sPortMin> <sPortMax> }]
{{<dIpAddr> <dMask>} | any-destination |
{host-destination <dIpAddr>}} [d-port { <dPort> |
range <dPortMin> <dPortMax> }]
[ack+fin+psh+rst+urg+syn] [precedence <prec>] [tos
<tos>][time-range<time-range-name>]
Creates a numbered TCP
extended IP access rule; if the
numbered extended access-list of
specified number does not exist,
then an access-list will be created
using this number.
access-list <num> {deny | permit} udp {{<sIpAddr>
<sMask>} | any-source | {host-source <sIpAddr>}}
[s-port { <sPort> | range <sPortMin> <sPortMax> }]
{{<dIpAddr> <dMask>} | any-destination |
{host-destination <dIpAddr>}} [d-port { <dPort> |
range <dPortMin> <dPortMax> }] [precedence
<prec>] [tos <tos>][time-range<time-range-name>]
Creates a numbered UDP
extended IP access rule; if the
numbered extended access-list of
specified number does not exist,
then an access-list will be created
using this number.
access-list <num> {deny | permit} {eigrp | gre | igrp |
ipinip | ip | ospf | <protocol-num>} {{<sIpAddr>
<sMask>} | any-source | {host-source <sIpAddr>}}
Creates a numbered IP extended
IP access rule for other specific IP
protocol or all IP protocols; if the