4 access-list (ip standard), Access, List – PLANET XGS3-24040 User Manual

Commands for Security Function Chapter 2 Commands for 802.1x

41-4

access-list of this coded numeric extended does not exist, thus to create such a access-list.

Parameters: <num> is the No. of access-list, 100-299; <protocol> is the No. of upper-layer protocol

of ip, 0-255; <sIpAddr> is the source IP address, the format is dotted decimal notation; <sMask > is the

reverse mask of source IP, the format is dotted decimal notation; <dIpAddr> is the destination IP address,

the format is dotted decimal notation; <dMask> is the reverse mask of destination IP, the format is dotted

decimal notation, attentive position o, ignored position1;<igmp-type>,the type of igmp, 0-15;

<icmp-type>, the type of icmp, 0-255;<icmp-code>, protocol No. of icmp, 0-255;<prec>, IP priority, 0-7;

<tos>, to value, 0-15; <sPort>, source port No., 0-65535; <sPortMin>, the down boundary of source

port; <sPortMax>, the up boundary of source port; <dPortMin>, the down boundary of destination port;

<dPortMax>, the up boundary of destination port; <dPort>, destination port No., 0-65535;

<time-range-name>, the name of time-range.

Command Mode: Global mode

Default: No access-lists configured.

Usage Guide: When the user assign specific <num> for the first time, ACL of the serial number is

created, then the lists are added into this ACL; the access list which marked 200-299 can configure not

continual reverse mask of IP address.

<igmp-type> represent the type of IGMP packet, and usual values please refer to the following

description:

17(0x11): IGMP QUERY packet

18(0x12): IGMP V1 REPORT packet

22(0x16): IGMP V2 REPORT packet

23(0x17): IGMP V2 LEAVE packet

34(0x22): IGMP V3 REPORT packet

19(0x13): DVMR packet

20(0x14): PIM V1 packet

Particular notice: The packet types included here are not the types excluding IP OPTION. Normally,

IGMP packet contains OPTION fields, and such configuration is of no use for this type of packet. If you

want to configure the packets containing OPTION, please directly use the manner where OFFSET is

configured.

Examples: Create the numeric extended access-list whose serial No. is 110. deny icmp packet to pass,

and permit udp packet with destination address 192. 168. 0. 1 and destination port 32 to pass.

Switch(config)#access-list 110 deny icmp any any-destination

Switch(config)#access-list 110 permit udp any host-destination 192.168.0.1 d-port 32

41.4 access-list (ip standard)

Command: access-list <num> {deny | permit} {{<sIpAddr> <sMask >} | any-source| {host-source

<sIpAddr>}}

no access-list <num>

Functions: Create a numeric standard IP access-list. If this access-list exists, then add a rule list; the “no

access-list <num>“operation of this command is to delete a numeric standard IP access-list.

Parameters: <num> is the No. of access-list, 100-199; <sIpAddr> is the source IP address, the format

is dotted decimal notation; <sMask > is the reverse mask of source IP, the format is dotted decimal