4 access-list (ip standard), 5 access-list(mac extended), Access – PLANET WGSW-50040 User Manual

Commands for Security Function Chapter 6 Commands for TACACS+

21.4 access-list (ip standard)

Command:

access-list <num> {deny | permit} {{<sIpAddr> <sMask >} | any-source| {host-source

<sIpAddr>}}

no access-list <num>

Functions:

Create a numeric standard IP access-list. If this access-list exists, then add a rule list; the “no

access-list <num>“operation of this command is to delete a numeric standard IP access-list.

Parameters:

<num> is the No. of access-list, 100-199;

<sIpAddr> is the source IP address, the format is dotted decimal notation;

<sMask > is the reverse mask of source IP, the format is dotted decimal notation.

Command Mode:

Global mode

Default:

No access-lists configured.

Usage Guide:

When the user assign specific <num> for the first time, ACL of the serial number is created, then

the lists are added into this ACL.

Examples:

Create a numeric standard IP access-list whose serial No. is 20, and permit date packets with

source address of 10.1.1.0/24 to pass, and deny other packets with source address of 10.1.1.0/16.

Switch(config)#access-list 20 permit 10.1.1.0 0.0.0.255

Switch(config)#access-list 20 deny 10.1.1.0 0.0.255.255

21.5 access-list(mac extended)

Command:

access-list <num> {deny | permit} {any-source-mac | {host-source-mac <host_smac>} |

{<smac> <smac-mask>}} {any-destination-mac | {host-destination-mac <host_dmac>} |

{<dmac> <dmac-mask>}} [untagged-eth2 | tagged-eth2 | untagged-802-3 | tagged-802-3]

no access-list <num>

Functions:

Define a extended numeric MAC ACL rule, “no access-list <num>” command deletes an extended

numeric MAC access-list rule.

Parameters: