Filter
Top Products
270 ACL Commands
Commands in this Chapter
This chapter explains the following commands:
access-list
Use the access-list command in Global Configuration mode to create an
Access Control List (ACL) that is identified by the parameter
list-name
.
The command specifies the queue identifier to which packets matching this
rule are assigned. The command may also specify the mirror or redirect
interface (unit/slot/port) to which packets matching this rule are copied or
forwarded, respectively.
The time-range parameter allows imposing time limitation on the ACL rule
as defined by the parameter
time-range-name
. If a time range with the
specified name does not exist, and the ACL containing this ACL rule is
applied to an interface or bound to a VLAN, then the ACL rule is applied
immediately. If a time range with specified name exists and the ACL
containing this ACL rule is applied to an interface or bound to a VLAN, then
the ACL rule is applied when the time-range with specified name becomes
active. The ACL rule is removed when the time-range with specified name
becomes inactive.
access-list
list-name
{deny | permit} {every | {{icmp | igmp | ip | tcp |
udp |
number
} any|
srcip
srcmask
[{eq {
portkey
|
0-65535
}]
dstip dstmask
[{eq {
portkey
|
0-65535
}] [precedence
precedence
| tos
tos
tosmask
| dscp
dscp
] }[log] [time-range
time-range-name
] [assign-queue
queue-id
]
[{mirror | redirect}
interface-id
]
no access-list
list-name
access-list mac access-list extended rename
deny | permit (IP ACL) service-acl input
deny | permit (Mac-Access-List-
Configuration)
show service-acl interface
ip access-group show ip access-lists
mac access-group show mac access-list
mac access-list extended
2CSPC4.XCT-SWUM2XX1.book Page 270 Monday, October 3, 2011 11:05 AM