Dell N3000 Switch User Manual


Configuring Access Control Lists 613
Command

{deny | permit} {every | {{ipv4-protocol | 0-255 | every}
  {srcip srcmask | any | host srcip}
  [{range {portkey | startport} {portkey | endport} | {eq | neq | lt | gt} {portkey | 0-65535} ]
  {dstip dstmask | any | host dstip}
  [{range {portkey | startport} {portkey | endport} | {eq | neq | lt | gt} {portkey | 0-65535}]
  [flag [+fin | -fin] [+syn | -syn] [+rst | -rst] [+psh | -psh] [+ack | -ack] [+urg | -urg] [established]]
  [icmp-type icmp-type [icmp-code icmp-code] | icmp-message icmp-message]
  [igmp-type igmp-type]
  [fragments]
  [precedence precedence | tos tos [tosmask] | dscp dscp]}}
  [time-range time-range-name] [log]
  [assign-queue queue-id]
  [{mirror | redirect} unit/slot/port]
  [rate-limit rate burst-size]
Purpose

Enter the permit and deny conditions for the extended ACL.

• {deny | permit}–Specifies whether the IP ACL rule permits or denies the matching traffic.

• {ipv4-protocol | number | every}—Specifies the protocol to match for the IP ACL rule.
  - IPv4 protocols: eigrp, gre, icmp, igmp, ip, ipinip, ospf, tcp, udp, pim
  - Every: Match any protocol (don’t care)

• srcip srcmask | any | host srcip—Specifies a source IP address and netmask to match for the IP ACL rule.
  - Specifying “any” implies specifying srcip as “0.0.0.0” and srcmask as “255.255.255.255” for IPv4.
  - Specifying “host A.B.C.D” implies srcip as “A.B.C.D” and srcmask as “0.0.0.0”.

• [{{eq | neq | lt | gt} {portkey | number} | range startport endport}]—Specifies the layer 4 destination port match condition for the IP ACL rule. A destination port number, which ranges from 0-65535, can be entered, or a portkey, which can be one of the following keywords: domain, echo, ftp, ftp-data, http, smtp, snmp, telnet, tftp, and www. Each of these keywords translates into its equivalent destination port number.
  When “range” is specified, the IP ACL rule matches only if the layer 4 port number falls within the specified port range. The startport and endport parameters identify the first and last ports that are part of the port range. They have values from 0 to 65535. The ending port must have a value equal to or greater than the starting port. The starting port, ending port, and all ports in between will be part of the layer 4 port range.
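The “any” and “host” expansions above imply that bits set to 1 in srcmask are ignored and bits set to 0 must match. The following Python model of the address and port conditions is an added example, not code from the Dell manual or the switch firmware; the keyword-to-port table uses IANA well-known numbers, which the page does not list, and the sample addresses are constructed.

```python
import ipaddress

# IANA well-known ports for the portkey keywords above. The manual page does
# not print the numbers, so this table is an assumption of the example.
PORTKEYS = {"domain": 53, "echo": 7, "ftp": 21, "ftp-data": 20, "http": 80,
            "smtp": 25, "snmp": 161, "telnet": 23, "tftp": 69, "www": 80}

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def parse_addr(spec):
    """'any' | 'host A.B.C.D' | 'A.B.C.D MASK' -> (ip, mask) as integers."""
    tok = spec.split()
    if tok == ["any"]:
        return to_int("0.0.0.0"), to_int("255.255.255.255")
    if len(tok) == 2 and tok[0] == "host":
        return to_int(tok[1]), to_int("0.0.0.0")
    if len(tok) == 2:
        return to_int(tok[0]), to_int(tok[1])
    raise ValueError(f"bad address spec: {spec!r}")

def addr_matches(spec, packet_ip):
    """Mask bits set to 1 are 'don't care'; every other bit must be equal."""
    ip, mask = parse_addr(spec)
    care = ~mask & 0xFFFFFFFF
    return (to_int(packet_ip) & care) == (ip & care)

def port_value(tok):
    port = PORTKEYS[tok] if tok in PORTKEYS else int(tok)
    if not 0 <= port <= 65535:
        raise ValueError(f"port out of range: {tok}")
    return port

def port_matches(cond, port):
    """cond: 'eq|neq|lt|gt PORT' or 'range START END'; PORT may be a portkey."""
    op, *args = cond.split()
    if op == "range":
        start, end = (port_value(a) for a in args)
        if end < start:
            raise ValueError("endport must be equal to or greater than startport")
        return start <= port <= end  # both end points belong to the range
    (value,) = (port_value(a) for a in args)
    return {"eq": port == value, "neq": port != value,
            "lt": port < value, "gt": port > value}[op]

if __name__ == "__main__":
    # Constructed addresses: a subnet mask entered where the ACL mask is expected.
    print(addr_matches("10.1.1.0 0.0.0.255", "10.1.1.7"))         # True
    print(addr_matches("10.1.1.0 255.255.255.0", "192.168.5.0"))  # True
```

The second call shows why a subnet-style mask in the srcmask position is worth catching in review: the rule then compares only the last octet and matches addresses outside the intended network.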