PLANET WGSW-52040 User Manual


access-list <num> {deny|permit} {any-source-mac | {host-source-mac <host_smac>} | {<smac> <smac-mask>}} {any-destination-mac | {host-destination-mac <host_dmac>} | {<dmac> <dmac-mask>}} tcp {{<source> <source-wildcard>} | any-source | {host-source <source-host-ip>}} [s-port {<port1> | range <sPortMin> <sPortMax>}] {{<destination> <destination-wildcard>} | any-destination | {host-destination <destination-host-ip>}} [d-port {<port3> | range <dPortMin> <dPortMax>}] [ack+fin+psh+rst+urg+syn] [precedence <precedence>] [tos <tos>] [time-range <time-range-name>]

access-list <num> {deny|permit} {any-source-mac | {host-source-mac <host_smac>} | {<smac> <smac-mask>}} {any-destination-mac | {host-destination-mac <host_dmac>} | {<dmac> <dmac-mask>}} udp {{<source> <source-wildcard>} | any-source | {host-source <source-host-ip>}} [s-port {<port1> | range <sPortMin> <sPortMax>}] {{<destination> <destination-wildcard>} | any-destination | {host-destination <destination-host-ip>}} [d-port {<port3> | range <dPortMin> <dPortMax>}] [precedence <precedence>] [tos <tos>] [time-range <time-range-name>]

access-list <num> {deny|permit} {any-source-mac | {host-source-mac <host_smac>} | {<smac> <smac-mask>}} {any-destination-mac | {host-destination-mac <host_dmac>} | {<dmac> <dmac-mask>}} {eigrp|gre|igrp|ip|ipinip|ospf|{<protocol-num>}} {{<source> <source-wildcard>} | any-source | {host-source <source-host-ip>}} {{<destination> <destination-wildcard>} | any-destination | {host-destination <destination-host-ip>}} [precedence <precedence>] [tos <tos>] [time-range <time-range-name>]

Functions:

Define an extended numeric MAC-IP ACL rule; the no command deletes an extended numeric MAC-IP ACL rule.
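The following is an added example, not taken from the manual or the switch firmware. It models in Python how one rule of the TCP form is matched against a packet, assuming the usual reverse-mask convention (a bit set to 1 in <smac-mask> or <source-wildcard> is ignored, a bit set to 0 must match). The rule, the packets, the MAC notation and the function names are constructed for illustration.

```python
import ipaddress

def _mac(mac):
    # Hyphen or colon separators are accepted; the separator is an assumption.
    return int(mac.replace("-", "").replace(":", ""), 16)

def mac_matches(addr, base, reverse_mask):
    """True if addr equals base on every bit that is 0 in the reverse mask."""
    care = ~_mac(reverse_mask) & 0xFFFFFFFFFFFF
    return (_mac(addr) & care) == (_mac(base) & care)

def ip_matches(addr, base, wildcard):
    """Same test for a 32-bit address and its dotted-decimal reverse mask."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    to_int = lambda a: int(ipaddress.IPv4Address(a))
    return (to_int(addr) & care) == (to_int(base) & care)

# Constructed rule in the manual's TCP form:
#   access-list 3100 deny 00-11-22-00-00-00 00-00-00-ff-ff-ff any-destination-mac
#     tcp 10.1.0.0 0.0.255.255 host-destination 192.0.2.10 d-port range 22 23
RULE = {
    "num": 3100, "action": "deny",
    "smac": ("00-11-22-00-00-00", "00-00-00-ff-ff-ff"),
    "dmac": None,                        # any-destination-mac
    "src": ("10.1.0.0", "0.0.255.255"),
    "dst": ("192.0.2.10", "0.0.0.0"),    # host form modelled as all-zero mask
    "d_port": (22, 23),                  # range treated as inclusive (assumption)
}

def evaluate(rule, pkt):
    """Return the rule's action if the TCP packet matches every field, else None."""
    if not 3100 <= rule["num"] <= 3299:
        raise ValueError("MAC-IP extended ACL numbers are 3100-3299")
    checks = [
        rule["smac"] is None or mac_matches(pkt["smac"], *rule["smac"]),
        rule["dmac"] is None or mac_matches(pkt["dmac"], *rule["dmac"]),
        ip_matches(pkt["src"], *rule["src"]),
        ip_matches(pkt["dst"], *rule["dst"]),
        rule["d_port"][0] <= pkt["d_port"] <= rule["d_port"][1],
    ]
    return rule["action"] if all(checks) else None

# Constructed packets: only the first matches all five fields.
PKT_HIT = {"smac": "00-11-22-aa-bb-cc", "dmac": "00-50-56-00-00-01",
           "src": "10.1.200.7", "dst": "192.0.2.10", "d_port": 23}
PKT_OTHER_OUI = dict(PKT_HIT, smac="00-11-23-aa-bb-cc")
PKT_WEB = dict(PKT_HIT, d_port=80)
```

A packet that returns None here is not matched by this rule and would be tested against the next rule in the list.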

Parameters:

num: access-list number, a decimal number from 3100 to 3299;
deny: if the rule matches, access is denied;
permit: if the rule matches, access is permitted;
any-source-mac: any source MAC address;
any-destination-mac: any destination MAC address;
host_smac, smac: source MAC address;
smac-mask: mask (reverse mask) of the source MAC address;
host_dmac, dmac: destination MAC address;
dmac-mask: mask (reverse mask) of the destination MAC address;
protocol: name or number of the IP protocol. It can be a keyword (eigrp, gre, icmp, igmp, igrp, ip, ipinip, ospf, tcp, or udp) or an integer from 0 to 255 giving the IP protocol number. Use the keyword 'ip' to match all Internet protocols (including ICMP, TCP, and UDP);
source-host-ip, source: number of the source network or source host from which the packet is sent, a 32-bit binary number expressed in dotted decimal notation;
host: indicates that the address is the IP address of the source host; otherwise it is the IP address of a network;
source-wildcard: reverse mask of the source IP, a 32-bit binary number expressed as four decimal numbers separated by dots;
destination-host-ip, destination: number of the destination network or host to which packets are delivered, a 32-bit binary number expressed in dotted decimal notation;
host: indicates that the address is the destination host address; otherwise it is the network IP address;
destination-wildcard: reverse mask of the destination, a 32-bit binary number expressed as four decimal numbers separated by dots;
s-port (optional): indicates that the TCP/UDP source port must be matched;
port1 (optional): value of the TCP/UDP source port number, an integer from 0 to 65535;
d-port (optional): indicates that the TCP/UDP destination port must be matched;
<sPortMin>, the
