Edge-Core ES4528V-38 - Acl Add

Edge-Core ES4528V-38
396 pages
CHAPTER 23 | ACL Commands

acl add

This command adds or modifies an access control entry.

SYNTAX

acl add [ace-id] [ace-id-next]
    [switch | (port port) | (policy policy)]
    [vlan-id] [tag-priority] [dmac-type]
    [(etype [ethernet-type] [smac] [dmac]) |
    (arp [sip] [dip] [smac] [arp-opcode] [arp-flags]) |
    (ip [sip] [dip] [protocol] [ip-flags]) |
    (icmp [sip] [dip] [icmp-type] [icmp-code] [ip-flags]) |
    (udp [sip] [dip] [sport] [dport] [ip-flags]) |
    (tcp [sip] [dip] [sport] [dport] [ip-flags] [tcp-flags])]
    [permit | deny] [rate-limiter] [port-copy] [logging] [shutdown]

ace-id - An ACL entry which specifies one of the following criteria to be matched in the ingress frame. (Range: 1-128; Default: Next available ID)
ace-id-next - Inserts the ACE before this row. If not specified, the ACE is inserted at the bottom of the list. (Range: 1-128)
switch - ACE applies to all ports on the switch.
port port - ACE applies to specified port or a range of ports. (Range: 1-28)
policy policy - An ACL policy identifier to which this ACE is assigned. (Range: 1-8)
vlan-id - The VLAN to filter for this rule. (Range: 1-4095, or any)
tag-priority - Specifies the User Priority value found in the VLAN tag (3 bits as defined by IEEE 802.1p) to match for this rule. (Range: 0-7, or any)
dmac-type - The type of destination MAC address. (Options: any, unicast, multicast, broadcast; Default: any)
etype - One of the following Ethernet or MAC parameters:
    ethernet-type - This option can only be used to filter Ethernet II formatted packets. (Range: 0x600-0xffff hex, or any; Default: any)
    A detailed listing of Ethernet protocol types can be found in RFC 1060. A few of the more common types include 0800 (IP), 0806 (ARP), 8137 (IPX).
    smac - Source MAC address (xx-xx-xx-xx-xx-xx) or any.
    dmac - Destination MAC address (xx-xx-xx-xx-xx-xx) or any.
arp - One of the following MAC or ARP parameters:
    sip - Source IP address (a.b.c.d/n) or any.
    dip - Destination IP address (a.b.c.d/n) or any.
    smac - Source MAC address (xx-xx-xx-xx-xx-xx) or any.
    arp-opcode - Specifies the type of ARP packet. (Options: any - no ARP/RARP opcode flag is specified, arp - frame must have