PLANET WGSW-50040 User Manual


Commands for Security Function Chapter 6 Commands for TACACS+

Parameters:

num: access-list number, a decimal number from 3100 to 3199;

deny: if the rule matches, access is denied;

permit: if the rule matches, access is permitted;

any-source-mac: any source MAC address;

any-destination-mac: any destination MAC address;

host_smac, smac: source MAC address; smac-mask: mask (reverse mask) of the source MAC address;

host_dmac, dmac: destination MAC address;

dmac-mask: mask (reverse mask) of the destination MAC address;

protocol: name or number of the IP protocol. It can be a keyword (eigrp, gre, icmp, igmp, igrp, ip, ipinip, ospf, tcp, or udp) or an integer from 0-255 giving the IP protocol number. Use the keyword ‘ip’ to match all Internet protocols (including ICMP, TCP, and UDP);

source-host-ip, source: number of the source network or source host from which the packet is sent, a 32-bit binary number expressed in dotted decimal notation;

host: means the address is the IP address of the source host; otherwise it is the IP address of a network;

source-wildcard: reverse mask of the source IP, a 32-bit binary number expressed as four decimal numbers separated by dots;

destination-host-ip, destination: number of the destination network or host to which packets are delivered, a 32-bit binary number expressed in dotted decimal notation;

host: means the address is the destination host address; otherwise it is the network IP address;

destination-wildcard: reverse mask of the destination, a 32-bit binary number expressed as four decimal numbers separated by dots;

s-port (optional): indicates that the TCP/UDP source port must be matched;

port1 (optional): value of the TCP/UDP source port number, an integer from 0-65535;

<sPortMin>: the lower bound of the source port; <sPortMax>: the upper bound of the source port;

d-port (optional): indicates that the TCP/UDP destination port must be matched;

port3 (optional): value of the TCP/UDP destination port number, an integer from 0-65535;

<dPortMin>: the lower bound of the destination port;

<dPortMax>: the upper bound of the destination port;

[ack] [fin] [psh] [rst] [urg] [syn] (optional): only for the TCP protocol; multiple flag bits can be selected, and a TCP packet that has the corresponding flag bits set forms a match, including the packets that initialize a TCP connection;

precedence (optional): packets can be filtered by priority, which is a number from 0-7;

tos (optional): packets can be filtered by service type, which is a number from 0-15;

icmp-type (optional): ICMP packets can be filtered by packet type, which is a number from 0-255;

icmp-code (optional): ICMP packets can be filtered by packet code, which is a number from 0-255;
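
The reverse masks used by smac-mask, dmac-mask, source-wildcard and destination-wildcard are easy to confuse with subnet masks, which silently changes what a deny or permit rule covers. The following Python sketch is an added example, not part of the manual or the switch firmware; it assumes the usual reverse-mask convention (a 1 bit is ignored, a 0 bit must match), and the function names and MAC separator style are hypothetical.

```python
import ipaddress

IP_BITS = 0xFFFFFFFF
MAC_BITS = 0xFFFFFFFFFFFF

def _ip(value):
    return int(ipaddress.IPv4Address(value))

def _mac(value):
    # Separator style (':' or '-') is an assumption; the page does not show one.
    return int(value.replace(":", "").replace("-", ""), 16)

def ip_matches(addr, rule_addr, wildcard):
    """True if addr equals rule_addr on every bit where the reverse mask is 0."""
    care = ~_ip(wildcard) & IP_BITS
    return ((_ip(addr) ^ _ip(rule_addr)) & care) == 0

def mac_matches(mac, rule_mac, mac_mask):
    """Same comparison over the 48 bits of a MAC address."""
    care = ~_mac(mac_mask) & MAC_BITS
    return ((_mac(mac) ^ _mac(rule_mac)) & care) == 0

def addresses_covered(wildcard):
    """IPv4 addresses one rule covers: 2 ** (number of 1 bits in the reverse mask)."""
    return 2 ** bin(_ip(wildcard)).count("1")

def looks_like_subnet_mask(wildcard):
    """Flag a reverse mask written as a subnet mask (1 bits packed at the top)."""
    w = _ip(wildcard)
    inverted = ~w & IP_BITS
    # 0.0.0.0 (single host) and 255.255.255.255 (any) are valid reverse masks.
    return w not in (0, IP_BITS) and (inverted & (inverted + 1)) == 0

if __name__ == "__main__":
    # Constructed sample rules: the intent is to cover 10.1.2.0 through 10.1.2.255.
    for mask in ("0.0.0.255", "255.255.255.0"):
        print(mask,
              "covers", addresses_covered(mask), "addresses;",
              "matches 10.1.2.77:", ip_matches("10.1.2.77", "10.1.2.0", mask),
              "| suspicious:", looks_like_subnet_mask(mask))
    print(mac_matches("00-11-22-aa-bb-cc", "00:11:22:00:00:00", "00:00:00:ff:ff:ff"))
```

A rule written with 255.255.255.0 in place of 0.0.0.255 does not cover the intended subnet at all and instead matches every address whose last octet is 0, so auditing configured masks with a check like `looks_like_subnet_mask` catches the error before the rule is relied on.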
