3 access-list (ip extended), Access, List – PLANET WGSW-50040 User Manual
Page 315: Ip extended
Commands for Security Function Chapter 6 Commands for TACACS+
21.3 access-list (ip extended)
Command:
access-list <num> {deny | permit} icmp {{<sIpAddr> <sMask>} | any-source | {host-source
<sIpAddr>}} {{<dIpAddr> <dMask>} | any-destination | {host-destination <dIpAddr>}}
[<icmp-type> [<icmp-code>]] [precedence <prec>] [tos
<tos>][time-range<time-range-name>]
access-list <num> {deny | permit} igmp {{<sIpAddr> <sMask>} | any-source | {host-source
<sIpAddr>}} {{<dIpAddr> <dMask>} | any-destination | {host-destination <dIpAddr>}}
[<igmp-type>] [precedence <prec>] [tos <tos>][time-range<time-range-name>]
access-list <num> {deny | permit} tcp {{ <sIpAddr> <sMask> } | any-source | {host-source
<sIpAddr> }} [s-port { <sPort> | range <sPortMin> <sPortMax> }] {{ <dIpAddr> <dMask> } |
any-destination | {host-destination <dIpAddr> }} [d-port { <dPort> | range <dPortMin>
<dPortMax> }] [ack+ fin+ psh+ rst+ urg+ syn] [precedence <prec> ] [tos <tos> ][time-range
<time-range-name> ]
access-list <num> {deny | permit} udp {{ <sIpAddr> <sMask> } | any-source | {host-source
<sIpAddr> }} [s-port { <sPort> | range <sPortMin> <sPortMax> ] {{ <dIpAddr> <dMask> } |
any-destination | {host-destination <dIpAddr> }} [d-port { <dPort> | range <dPortMin>
<dPortMax> }] [precedence <prec> ] [tos <tos> ][time-range <time-range-name> ]
access-list <num> {deny | permit} {eigrp | gre | igrp | ipinip | ip | ospf | <protocol-num> }
{{ <sIpAddr> <sMask> } | any-source | {host-source <sIpAddr> }} {{ <dIpAddr> <dMask> } |
any-destination | {host-destination <dIpAddr> }} [precedence <prec> ] [tos
<tos> ][time-range <time-range-name> ]
no access-list <num>
Functions:
Create a numeric extended IP access rule to match specific IP protocol or all IP protocol; if
access-list of this coded numeric extended does not exist, thus to create such a access-list.
Parameters:
<num> is the No. of access-list, 100-299;
<protocol> is the No. of upper-layer protocol of ip, 0-255;
<sIpAddr> is the source IP address, the format is dotted decimal notation;
<sMask > is the reverse mask of source IP, the format is dotted decimal notation;
<dIpAddr> is the destination IP address, the format is dotted decimal notation;
<dMask> is the reverse mask of destination IP, the format is dotted decimal notation, attentive
position o, ignored position1;
<igmp-type>,the type of igmp, 0-15;
<icmp-type>, the type of icmp, 0-255;
<icmp-code>, protocol No. of icmp, 0-255;
<prec>, IP priority, 0-7;