NETGEAR GSM7228PS-100NAS Switch User Manual


 
Quality of Service (QoS) Commands
496
ProSafe Managed Switch
positions that are not used. In contrast, a wildcard mask has (0’s) in a bit position that
must be checked. A ‘1’ in a bit position of the ACL mask indicates the corresponding bit
can be ignored.
access-list
This command creates an IP Access Control List (ACL) that is identified by the access list
number, which is 1-99 for standard ACLs or 100-199 for extended ACLs.
IP Standard ACL:
Format access-list <1-99> {deny | permit} {every | <srcip> <srcmask>} [log]
[rate-limit <1-4294967295> <1-128>][assign-queue <queue-id>]
[{mirror | redirect} <unit/slot/port>]
Mode
IP Extended ACL:
Format access-list <100-199> {deny | permit} {every | {{icmp | igmp | ip |
tcp | udp | <number>} <srcip> <srcmask>[{eq {<portkey> | <0-65535>}
<dstip> <dstmask> [{eq {<portkey>| <0-65535>}] [precedence
<precedence> | tos <tos> <tosmask> | dscp <dscp>] [log] [rate-limit
<1-4294967295> <1-128>] [assign-queue <queue-id>] [{mirror |
redirect} <unit/slot/port>]
Mode
Global Config
Global Config
Parameter Description
<1-99> or <100-199>
Range 1 to 99 is the access list number for an IP standard ACL.
Range 100 to 199 is the access list number for an IP extended ACL.
{deny | permit}
Specifies whether the IP ACL rule permits or denies an action.
every
Match every packet
{icmp | igmp | ip | tcp | udp
| <number>}
Specifies the protocol to filter for an extended IP ACL rule.
<srcip> <srcmask>
Specifies a source IP address and source netmask for match
condition of the IP ACL rule.
[{eq {<portkey> |
<0-65535>}]
Specifies the source layer 4 port match condition for the IP ACL rule.
You can use the port number, which ranges from 0-65535, or you
specify the <portkey>, which can be one of the following
keywords: domain, echo, ftp, ftpdata, http, smtp,
snmp, telnet, tftp, and www-http. Each of these keywords
translates into its equivalent port number, which is used as both the
start and end of a port range.
<dstip> <dstmask>
Specifies a destination IP address and netmask for match condition
of the IP ACL rule.