Accton Technology ES4626 Switch User Manual

Open as PDF

of 523

248

Example: Bind access list “aaa” to the incoming direction of the port.

Switch(Config-Ethernet1/1)#ip access-group aaa in

9.2.2.8 permit | deny(extended)

Command: [no] {deny | permit} icmp {{<sIpAddr> <sMask>} | any-source |

{host-source <sIpAddr>}} {{<dIpAddr> <dMask>} | any-destination |

{host-destination <dIpAddr>}} [<icmp-type> [<icmp-code>]] [precedence <prec>]

[tos <tos>]

[no] {deny | permit} igmp {{<sIpAddr> <sMask>} | any-source | {host-source

<sIpAddr>}} {{<dIpAddr> <dMask>} | any-destination | {host-destination <dIpAddr>}}

[<igmp-type>] [precedence <prec>] [tos <tos>]

[no] {deny | permit} tcp {{<sIpAddr> <sMask>} | any-source | {host-source

<sIpAddr>}} [s-port <sPort>] {{<dIpAddr> <dMask>} | any-destination |

{host-destination <dIpAddr>}} [d-port <dPort>] [ack | fin | psh | rst | syn | urg]

[precedence <prec>] [tos <tos>]

[no] {deny | permit} udp {{<sIpAddr> <sMask>} | any-source | {host-source

<sIpAddr>}} [s-port <sPort>] {{<dIpAddr> <dMask>} | any-destination |

{host-destination <dIpAddr>}} [d-port <dPort>] [precedence <prec>] [tos <tos>]

[no] {deny | permit} {eigrp | gre | igrp | ipinip | ip | <int>} {{<sIpAddr> <sMask>}

| any-source | {host-source <sIpAddr>}} {{<dIpAddr>

<dMask>} | any-destination |

{host-destination <dIpAddr>}} [precedence <prec>] [tos <tos>]

Function: Create or delete a name-based extended IP access rule for a specified IP

protocol or all IP protocols.

Parameter: <sIpAddr> is the source IP address in dot decimal format; <sMask > is the

mask complement of the source IP in dot decimal format; <dIpAddr> is the

destination IP address in dot decimal format; <dMask> is the mask

complement of the destination IP in dot decimal format, 0 for significant bit and

1 for ignored bit; <igmp-type> is the IGMP type from 0 to 255; <icmp-type> is

the ICMP type from 1 to 255; <icmp-code> is the ICMP protocol number from

0 to 255; <prec> is the IP priority from 0 – 7; <tos> is the tos value from 0 -15;

<sPort> is the source port number from 0 – 65535; <dPort> is the destination

port number from 0 – 65535.

Command Mode: named-based extended IP ACL configuration mode

Default: No IP address is configured by default.

Example: Create an extensive IP access list named “udpFlow”. Deny IGMP packets and

allow UDP packets destined for 192.168.0.1, port 32.

Switch(Config)# access-list ip extended udpFlow

Switch(Config-Ext-Nacl-udpFlow)#deny igmp any-source any-destination

Switch(Config-Ext-Nacl-udpFlow)#permit udp any-source host-destination 192.168.0.1

previous next

Top Automotive Device Types

Top Automotive Brands

Top Baby Care Device Types

Top Baby Care Brands

Top Car Audio & Video Device Types

Top Car Audio & Video Brands

Top Cellphone Device Types

Top Cellphone Brands

Top Communications Device Types

Top Communications Brands

Top Computer Device Types

Top Computer Brands

Top Fitness Device Types

Top Fitness Brands

Top Home Audio Device Types

Top Home Audio Brands

Top Household Appliance Device Types

Top Household Appliance Brands

Top Kitchen Appliance Device Types

Top Kitchen Appliance Brands

Top Laundry Appliance Device Types

Top Laundry Appliance Brands

Top Lawn & Garden Device Types

Top Lawn & Garden Brands

Top Marine Equipment Device Types

Top Marine Equipment Brands

Top Musical Instrument Device Types

Top Musical Instrument Brands

Top Outdoor Cooking Device Types

Top Outdoor Cooking Brands

Top Personal Care Device Types

Top Personal Care Brands

Top Photography Device Types

Top Photography Brands

Top Portable Media Device Types

Top Portable Media Brands

Top Power Tools Device Types

Top Power Tools Brands

Top TV and Video Device Types

Top TV and Video Brands

Top Videogame Device Types

Top Videogame Brands

Accton Technology ES4626 Switch User Manual