CHAPTER 17 Access Policies
create access-list icmp destination [<dest_ipaddress>/<mask> | any] source [<src_ipaddress>/<source_mask> | any] type <icmp_type> code <icmp_code> [permit | deny] {<portlist>} {precedence <number>}
Creates a named ICMP access list. The access list is applied to all ingress packets. Options include:
• <name>—Specifies the access list name, between 1 and 16 characters long.
• icmp—Specifies an ICMP access list.
• destination—Specifies an IP destination address and subnet mask. A mask length of 32 indicates a host entry.
• source—Specifies an IP source address and subnet mask.
• type—Specifies the ICMP_TYPE number from 0 to 255.
• code—Specifies the ICMP_CODE number from 0 to 255.
• permit—Specifies that packets matching the access list description are forwarded. An optional QoS profile can be assigned to the access list, so the switch can prioritize packets accordingly.
• deny—Specifies that packets matching the access list description are filtered (dropped) by the switch.

delete access-list <name>
Deletes an access list.

disable access-list <name> [counter | log]
Disables the collection of access-list statistics.

enable access-list <name> [counter | log]
Enables the collection of access-list statistics. The default setting is enabled.

disable access-list <name> log
Disables logging of a message (with details of packet properties) to the Syslog facility for each packet that matches the access list description.

enable access-list <name> log
Enables logging of a message (with details of packet properties) to the Syslog facility for each packet that matches the access list description.

Table 17.1: Access List Configuration Commands (continued)
Command Description