22 permit | deny(mac-ip extended), Permit, Deny – PLANET WGSW-50040 User Manual
Page 333: Ip extended
Commands for Security Function Chapter 6 Commands for TACACS+
21.22 permit | deny(mac-ip extended)
Command:
[no] {deny|permit} {any-source-mac|{host-source-mac<host_smac>}|{<smac><smac-mask>}}
{any-destination-mac|{host-destination-mac<host_dmac>}|{<dmac><dmac-mask>}}
icmp{{<source><source-wildcard>}|any-source|{host-source<source-host-ip>}}
{{<destination><destination-wildcard>}|any-destination|{host-destination
<destination-host-ip>}} [<icmp-type> [<icmp-code>]] [precedence <precedence>] [tos
<tos>][time-range<time-range-name>]
[no]{deny|permit}
{any-source-mac|{host-source-mac<host_smac>}|{<smac><smac-mask>}}
{any-destination-mac|{host-destination-mac<host_dmac>}|{<dmac><dmac-mask>}}
igmp{{<source><source-wildcard>}|any-source| {host-source<source-host-ip>}}
{{<destination><destination-wildcard>}|any-destination|{host-destination
<destination-host-ip>}} [<igmp-type>] [precedence <precedence>] [tos
<tos>][time-range<time-range-name>]
[no]{deny|permit}{any-source-mac|{host-source-mac <host_smac> }| { <smac>
<smac-mask> }}{any-destination-mac|{host-destination-mac <host_dmac> }|{ <dmac>
<dmac-mask> }}tcp{{ <source> <source-wildcard> }|any-source| {host-source
<source-host-ip> }}[s-port { <port1> | range <sPortMin> <sPortMax> }] {{ <destination>
<destination-wildcard> } | any-destination| {host-destination <destination-host-ip> }} [d-port
{ <port3> | range <dPortMin> <dPortMax> }] [ack+fin+psh+rst+urg+syn] [precedence
<precedence> ] [tos <tos> ][time-range <time-range-name> ]
[no]{deny|permit}{any-source-mac|{host-source-mac <host_smac> }|{ <smac>
<smac-mask> }}{any-destination-mac|{host-destination-mac <host_dmac> }| { <dmac>
<dmac-mask> }}udp{{ <source> <source-wildcard> }|any-source| {host-source
<source-host-ip> }}[s-port{ <port1> | range <sPortMin> <sPortMax> }] {{ <destination>
<destination-wildcard> }|any-destination| {host-destination <destination-host-ip> }} [d-port
{ <port3> | range <dPortMin> <dPortMax> }] [precedence <precedence> ] [tos
<tos> ][time-range <time-range-name> ]
[no]{deny|permit}{any-source-mac|{host-source-mac<host_smac>}|{<smac>
<smac-mask>}}{any-destination-mac|{host-destination-mac<host_dmac>}|
{<dmac><dmac-mask>}}{eigrp|gre|igrp|ip|ipinip|ospf|{<protocol-num>}}
{{<source><source-wildcard>}|any-source|{host-source<source-host-ip>}}
{{<destination><destination-wildcard>}|any-destination|{host-destination
<destination-host-ip>}} [precedence <precedence>] [tos
<tos>][time-range<time-range-name>]
Functions:
Define an extended name MAC-IP ACL rule, ‘No’ form deletes one extended numeric MAC-IP ACL
access-list rule.