DCS-3950 series Ethernet switch manual
the IP address of network;
source-wildcard: reverse (wildcard) mask of the source IP, a 32-bit binary number expressed in dotted decimal notation;
destination-host-ip, destination: No. (address) of the destination network or host to which packets are delivered, a 32-bit binary number expressed in dotted decimal notation;
host-source: means the address is the destination host address, otherwise the network IP address;
destination-wildcard: reverse (wildcard) mask of the destination, a 32-bit binary number expressed in dotted decimal notation;
s-port (optional): means the TCP/UDP source port must be matched;
port1 (optional): value of the TCP/UDP source port number, an integer from 0 to 65535;
d-port (optional): means the TCP/UDP destination port must be matched;
port3 (optional): value of the TCP/UDP destination port number, an integer from 0 to 65535;
[ack] [fin] [psh] [rst] [urg] [syn] (optional): for the TCP protocol only; several flag bits may be chosen, and when a TCP packet has the corresponding flag bit set, it forms a match;
precedence (optional): packets can be filtered by priority, which is a number from 0 to 7;
tos (optional): packets can be filtered by service type, which is a number from 0 to 15;
icmp-type (optional): ICMP packets can be filtered by packet type, which is a number from 0 to 255;
icmp-code (optional): ICMP packets can be filtered by packet code, which is a number from 0 to 255;
igmp-type (optional): IGMP packets can be filtered by IGMP packet name or packet type, which is a number from 0 to 255;
<time-range-name>: name of the time range.
Command mode: Global Mode
Default: No access-list configured
Usage Guide: When the user specifies a given <num> for the first time, the ACL with that
serial number is created; the entries are then added to this ACL.
Examples: Permit TCP packets with source MAC 00-12-34-45-XX-XX, any destination MAC
address, source IP address 100.1.1.0 0.255.255.255, source port 100 and destination
port 40000.
Switch(Config)# access-list 3199 permit 00-12-34-45-67-00 00-00-00-00-FF-FF any-destination-mac tcp 100.1.1.0 0.255.255.255 s-port 100 any-destination d-port 40000
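The example rule above evaluated in Python, as an added illustration that is not part of the manual. It assumes the usual reverse-mask semantics (a 1 bit in the wildcard means "ignore this bit"), which the 00-12-34-45-XX-XX pattern in the example implies; the function names and sample packets are constructed.

```python
import ipaddress

# Fields of the manual's "access-list 3199 permit ..." example.
RULE = {
    "src_mac": "00-12-34-45-67-00", "src_mac_wild": "00-00-00-00-FF-FF",
    "src_ip": "100.1.1.0", "src_ip_wild": "0.255.255.255",
    "proto": "tcp", "s_port": 100, "d_port": 40000,
}

def mac_to_int(mac):
    return int(mac.replace("-", ""), 16)

def ip_to_int(ip):
    return int(ipaddress.IPv4Address(ip))

def wildcard_match(value, pattern, wildcard):
    """Assumed reverse-mask rule: compare only bits whose wildcard bit is 0."""
    return (value ^ pattern) & ~wildcard == 0

def rule_matches(pkt, rule=RULE):
    """Destination MAC and IP are 'any' in the rule, so they are not checked."""
    return (
        pkt["proto"] == rule["proto"]
        and wildcard_match(mac_to_int(pkt["src_mac"]), mac_to_int(rule["src_mac"]),
                           mac_to_int(rule["src_mac_wild"]))
        and wildcard_match(ip_to_int(pkt["src_ip"]), ip_to_int(rule["src_ip"]),
                           ip_to_int(rule["src_ip_wild"]))
        and pkt["s_port"] == rule["s_port"]
        and pkt["d_port"] == rule["d_port"]
    )

def effective_network(ip, wildcard):
    """CIDR block covered by a contiguous wildcard mask (raises on others)."""
    netmask = ipaddress.IPv4Address(ip_to_int(wildcard) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{ip}/{netmask}", strict=False)

# Constructed sample packets (not from the manual).
BASE = {"proto": "tcp", "src_mac": "00-12-34-45-AB-CD",
        "src_ip": "100.200.3.4", "s_port": 100, "d_port": 40000}
SAMPLES = {
    "in 100/8, MAC in range": BASE,
    "MAC outside 00-12-34-45": {**BASE, "src_mac": "00-12-34-46-67-00"},
    "source IP 101.1.1.5": {**BASE, "src_ip": "101.1.1.5"},
    "destination port 40001": {**BASE, "d_port": 40001},
}

if __name__ == "__main__":
    print("rule covers", effective_network(RULE["src_ip"], RULE["src_ip_wild"]))
    for label, pkt in SAMPLES.items():
        print(f"{label}: {'permit' if rule_matches(pkt) else 'no match'}")
```

With wildcard 0.255.255.255 the rule covers all of 100.0.0.0/8, not only 100.1.1.x, so an ACL written this way permits a far wider source range than the address in the command suggests.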
15.3.2.14 mac-ip access extended
Command: mac-ip-access-list extended <name>
no mac-ip-access-list extended <name>
Functions: Define a named MAC-IP ACL or enter access-list configuration mode; the
‘no mac-ip-access-list extended <name>’ command deletes this ACL.
Parameters: <name>: name of the access list; it must not contain blanks or quotation
marks, must start with a letter, and its length cannot exceed 16 (note: the name is
case-sensitive).
Command mode: Global Mode
Default: No named MAC-IP access-list
Usage Guide: When this command is called, an empty access list will be created.
Example: Create a MAC-IP based ACL and name it macip_acl.
Switch(Config)# mac-ip-access-list extended macip_acl