20 permit | deny(ip standard), 21 permit | deny(ipv6 extended), Permit – PLANET XGS3-24040 User Manual
Page 742: Deny, Ip standard, Extended
Commands for Security Function Chapter 2 Commands for 802.1x
41-14
Switch(Config-IP-Ext-Nacl-udpFlow)#deny igmp any any-destination
Switch(Config-IP-Ext-Nacl-udpFlow)#permit udp any host-destination 192.168.0.1 d-port 32
41.20 permit | deny(ip standard)
Command: {deny | permit} {{<sIpAddr> <sMask>} | any-source | {host-source <sIpAddr>}}
no {deny | permit} {{<sIpAddr> <sMask>} | any-source | {host-source <sIpAddr>}}
Functions: Create a name standard IP access rule, and “no {deny | permit} {{<sIpAddr> <sMask>} |
any-source | {host-source <sIpAddr>}}” action of this command deletes this name standard IP access
rule.
Parameters: <sIpAddr> is the source IP address, the format is dotted decimal notation; <sMask > is the
reverse mask of source IP, the format is dotted decimal notation.
Command Mode: Name standard IP access-list configuration mode
Default: No access-list configured.
Example: Permit packets with source address 10.1.1.0/24 to pass, and deny other packets with source
address 10.1.1.0/16.
Switch(config)# access-list ip standard ipFlow
Switch(Config-Std-Nacl-ipFlow)# permit 10.1.1.0 0.0.0.255
Switch(Config-Std-Nacl-ipFlow)# deny 10.1.1.0 0.0.255.255
41.21 permit | deny(ipv6 extended)
Command:[no]{deny|permit}icmp{{<sIPv6Prefix/sPrefixlen>|any|{host<sIPv6Addr>}}{<dIPv6Prefi
x/dPrefixlen>|any-destination|{host-destination<dIPv6Addr>}}[<icmp-type> [<icmp-code>]] [dscp
<dscp>] [flow-label <flowlabel>] [time-range <time-range-name>]
[no] {deny | permit} tcp { <sIPv6Prefix/sPrefixlen> | any-source | {host-source
<sIPv6Addr> }} [s-port { <sPort> | range <sPortMin> <sPortMax> }] { <dIPv6Prefix/dPrefixlen> |
any-destination | {host-destination <dIPv6Addr> }} [d-port { <dPort> | range <dPortMin>
<dPortMax> }] [syn | ack | urg | rst | fin | psh] [dscp <dscp> ] [flow-label <fl> ][time-range
<time-range-name> ]
[no] {deny | permit} udp { <sIPv6Prefix/sPrefixlen> | any-source | {host-source
<sIPv6Addr> }} [s-port { <sPort> | range <sPortMin> <sPortMax> }] { <dIPv6Prefix/dPrefixlen> |
any-destination | {host-destination <dIPv6Addr> }} [d-port { <dPort> | range <dPortMin>
<dPortMax> }] [dscp <dscp> ] [flow-label <fl> ][time-range <time-range-name> ]
[no] {deny | permit} <next-header> {<sIPv6Prefix/sPrefixlen> | any-source |
{host-source <sIPv6Addr>}} {<dIPv6Prefix/dPrefixlen> | any-destination | {host-destination
<dIPv6Addr>}} [dscp <dscp>] [flow-label <fl>][time-range <time-range-name>]
[no] {deny | permit} {<sIPv6Prefix/sPrefixlen> | any-source | {host-source <sIPv6Addr>}}
{<dIPv6Prefix/dPrefixlen> | any-destination | {host-destination <dIPv6Addr>}} [dscp <dscp>]
[flow-label <fl>] [time-range<time-range-name>]