Planet Technology SGSW-2840P Switch User Manual


 
User’s Manual of SGSD-1022 / SGSD-1022P
SGSW-2840 / SGSW-2840P
Extended ACL
Command Usage
All new rules are appended to the end of the list.
Address bitmasks are similar to a subnet mask, containing four integers from 0 to 255, each separated by a period. The
binary mask uses 1 bits to indicate “match” and 0 bits to indicate “ignore.” The bitmask is bitwise ANDed with the
specified source IP address, and then compared with the address for each IP packet entering the port(s) to which this ACL
has been assigned.
21. Includes TCP, UDP or other protocol types.
• The following control codes may be specified:
- 1 (fin) – Finish
- 2 (syn) – Synchronize
- 4 (rst) – Reset
- 8 (psh) – Push
- 16 (ack) – Acknowledgement
- 32 (urg) – Urgent pointer
To define more than one control code, set the equivalent binary bit to “1” to indicate the
required codes. For example, to set both SYN and ACK valid, use “control-code 18”.
Example
This example accepts any incoming packets if the source address is within subnet 10.7.1.x. The rule is matched when
the masked rule address (10.7.1.0 & 255.255.255.0) equals the masked packet address (10.7.1.2 & 255.255.255.0); in that
case the packet passes through.
Console(config-ext-acl)# permit 10.7.1.1 255.255.255.0 any
Console(config-ext-acl)#
This allows TCP packets from class C addresses 192.168.1.0 to any destination address when the destination TCP port is
80 (i.e., HTTP).
Console(config-ext-acl)# permit 192.168.1.0 255.255.255.0 any destination-port 80
Console(config-ext-acl)#
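The bitmask comparison and the control-code arithmetic described above, worked through in Python as an added example (not code from the manual or the switch firmware). The function names are hypothetical and the packet addresses are constructed; the rule values and flag bits are the ones given on this page.

```python
# Added illustration; function names are hypothetical, not switch firmware code.
from functools import reduce

# Control-code bit values exactly as listed in the manual.
CONTROL_BITS = {"fin": 1, "syn": 2, "rst": 4, "psh": 8, "ack": 16, "urg": 32}


def to_int(dotted):
    """Convert 'a.b.c.d' (address or bitmask) to a 32-bit integer."""
    parts = dotted.split(".")
    if len(parts) != 4:
        raise ValueError(f"expected four octets: {dotted!r}")
    value = 0
    for part in parts:
        octet = int(part)
        if not 0 <= octet <= 255:
            raise ValueError(f"octet out of range in {dotted!r}")
        value = (value << 8) | octet
    return value


def source_matches(rule_addr, bitmask, packet_addr):
    """1 bits in the bitmask are compared, 0 bits are ignored."""
    mask = to_int(bitmask)
    # Both sides are masked, so host bits in the rule (10.7.1.1) do not matter.
    return (to_int(rule_addr) & mask) == (to_int(packet_addr) & mask)


def control_code(*flags):
    """Decimal value for 'control-code', e.g. syn + ack -> 18."""
    return reduce(lambda acc, f: acc | CONTROL_BITS[f.lower()], flags, 0)


def decode_control_code(value):
    """List the flag names encoded in a control-code value."""
    if not 0 <= value <= 63:  # six bits are listed on the page
        raise ValueError("control code must fit in the six listed bits")
    return [name for name, bit in CONTROL_BITS.items() if value & bit]


if __name__ == "__main__":
    # Constructed sample packets checked against the manual's first rule.
    for src in ("10.7.1.2", "10.7.1.200", "10.7.2.2"):
        print(src, source_matches("10.7.1.1", "255.255.255.0", src))
    print(control_code("syn", "ack"), decode_control_code(18))
```

Because the mask is applied bit by bit, a mask with 0 bits in the middle, such as 255.0.255.0, ignores the whole second octet while still comparing the third.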