Intel SBCEGBESW1 Switch User Manual


 
ACL Commands
44 Intel® Blade Server Ethernet Switch Modules SBCEGBESW1 and SBCEGBESW10 CLI Guide
list-of-flags — Specifies a list of TCP flags that can be triggered. If a flag is set, it is prefixed by “+”. If a flag is not set, it is prefixed by “-”. The possible values are: +urg, +ack, +psh, +rst, +syn, +fin, -urg, -ack, -psh, -rst, -syn and -fin. The flags are concatenated into one string. For example: +fin-ack.
Default Configuration
No IPv4 ACL is defined.
Command Mode
IP-Access List Configuration mode
User Guidelines
Use the ip access-list Global Configuration mode command to enable the IP-Access List
Configuration mode.
Before an Access Control Element (ACE) is added to an ACL, all packets are permitted. After an ACE is added, an implied deny-any-any condition exists at the end of the list and those packets that do not match the conditions defined in the permit statement are denied.
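Added example (not from the Intel manual or the switch firmware): a Python model of the concatenated list-of-flags string and of the permit-all / implied deny-any-any behaviour described above, useful for checking what a planned ACL would do to a given TCP header. Assumptions: flags not named in the list are ignored, ACEs are evaluated in order with the first match winning, and all function names and the sample ACL are hypothetical.

```python
import re

# TCP header flag bits (RFC 9293), keyed by the names the CLI uses.
TCP_BITS = {"fin": 0x01, "syn": 0x02, "rst": 0x04,
            "psh": 0x08, "ack": 0x10, "urg": 0x20}
_TOKEN = re.compile(r"([+-])(urg|ack|psh|rst|syn|fin)")

# Constructed sample ACL: (action, list-of-flags) pairs, one per ACE.
SAMPLE_ACL = [("deny", "+syn-ack"), ("permit", "+ack")]


def parse_flag_list(text):
    """Turn a string such as '+fin-ack' into (must_set, must_clear) masks."""
    must_set = must_clear = 0
    pos = 0
    while pos < len(text):
        m = _TOKEN.match(text, pos)
        if m is None:
            raise ValueError(f"bad flag list at offset {pos}: {text!r}")
        bit = TCP_BITS[m.group(2)]
        if m.group(1) == "+":
            must_set |= bit
        else:
            must_clear |= bit
        pos = m.end()
    # An empty list, or a flag required both set and clear, can never be valid.
    if not text or must_set & must_clear:
        raise ValueError(f"empty or contradictory flag list: {text!r}")
    return must_set, must_clear


def flags_match(text, tcp_flags):
    """True when every '+' flag is set and every '-' flag is clear.
    Assumption: flags not named in the list are ignored."""
    must_set, must_clear = parse_flag_list(text)
    return (tcp_flags & must_set) == must_set and (tcp_flags & must_clear) == 0


def evaluate(acl, tcp_flags):
    """Return 'permit' or 'deny' for a TCP flags byte (assumed first match wins)."""
    if not acl:
        return "permit"      # no ACE defined yet: all packets are permitted
    for action, flag_list in acl:
        if flags_match(flag_list, tcp_flags):
            return action
    return "deny"            # implied deny-any-any at the end of the list
```

With SAMPLE_ACL, a bare FIN segment (0x01) matches neither ACE and is dropped by the implied deny, which is the case most often overlooked when the first ACE is added to a previously empty list.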
Example
The following example shows how to define a permit statement for an IP ACL.
Console(config)# ip access-list ip-acl1
Console(config-ip-al)# permit rsvp 192.1.1.1 0.0.0.0 any dscp 56
deny (IP)
The deny IP-Access List Configuration mode command denies traffic if the conditions defined in the deny statement match.
Syntax
deny [disable-port] {any | protocol} {any | {source source-wildcard}} {any | {destination destination-wildcard}} [dscp dscp number | ip-precedence ip-precedence] [in-port port-num | out-port port-num]
deny-icmp
deny-igmp