MES1000, MES2000 Ethernet Switches 199
Possible values of the TCP port field: bgp (179),
chargen (19), daytime (13), discard (9), domain (53), drip
(3949), echo (7), finger (79), ftp (21), ftp-data (20), gopher
(70), hostname (42), irc (194), klogin (543), kshell (544), lpd
(515), nntp (119), pop2 (109), pop3 (110), smtp (25), sunrpc
(111), syslog (514), tacacs-ds (49), talk (517), telnet (23), time
(37), uucp (117), whois (43), www (80);
for the UDP port field: biff (512), bootpc (68), bootps (67), discard (9),
dnsix (90), domain (53), echo (7), mobile-ip (434), nameserver
(42), netbios-dgm (138), netbios-ns (137), on500-isakmp
(4500), ntp (123), rip (520), snmp (161), snmptrap (162),
sunrpc (111), syslog (514), tacacs-ds (49), talk (517), tftp (69),
time (37), who (513), xdmcp (177).
Any number (0–65535).
If a flag should be set for a filtration rule, "+" is specified
before the flag; otherwise "-" is specified. Possible flags: +urg,
+ack, +psh, +rst, +syn, +fin, -urg, -ack, -psh, -rst, -syn, and -fin.
If several flags are used for the same filtration rule, they are
written in one line without spaces. For example: +fin-ack.
Disables the port which was used to send a packet fulfilling the
requirements of a deny command, which describes the field.
Enables message log registration when a packet is received
which corresponds to the record.
Name of user templates list
Specifies that the user templates list should be used for
packet recognition. Every ACL may have its own templates list
defined.
The index indicates position of the rule in a list and its priority.
The lower the index, the higher the priority. The possible
values are 1–2,147,483,647.
To select the whole range of a parameter's values (for all parameters except dscp and
ip-precedence), the any parameter is used.
As soon as at least one record has been added to an ACL, the last record is set by default to
deny any any any, which means that all packets that do not fulfil the ACL's requirements will be
ignored.
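As an added illustration (not code from this manual or from the switch firmware), the Python model below shows how the flag list syntax, the index priority and the implicit final deny interact. It models only the destination port and the TCP flags; the Rule class, the function names and the sample rules are constructed for this example, and "-flag" is assumed to mean that the flag must be clear in the packet.

```python
import re
from dataclasses import dataclass

FLAGS = {"urg", "ack", "psh", "rst", "syn", "fin"}

def parse_flags(spec):
    """Parse a flag list such as '+fin-ack' into (must_be_set, must_be_clear)."""
    tokens = re.findall(r"([+-])([a-z]+)", spec)
    # The list is written in one line without spaces: reject anything else.
    if not tokens or "".join(s + n for s, n in tokens) != spec:
        raise ValueError(f"malformed flag list: {spec!r}")
    must_set, must_clear = set(), set()
    for sign, name in tokens:
        if name not in FLAGS:
            raise ValueError(f"unknown flag: {name!r}")
        (must_set if sign == "+" else must_clear).add(name)
    if must_set & must_clear:
        raise ValueError(f"flag both required and forbidden: {spec!r}")
    return frozenset(must_set), frozenset(must_clear)

@dataclass(frozen=True)
class Rule:                 # hypothetical, simplified ACL record
    index: int              # lower index = higher priority
    action: str             # "permit" or "deny"
    dst_port: object        # port number, or "any"
    flags: str = ""         # e.g. "+syn-ack"; empty = flags not checked

def evaluate(rules, dst_port, tcp_flags):
    """Return (action, index) of the first matching rule by ascending index."""
    for rule in sorted(rules, key=lambda r: r.index):
        if rule.dst_port != "any" and rule.dst_port != dst_port:
            continue
        if rule.flags:
            must_set, must_clear = parse_flags(rule.flags)
            if not must_set <= tcp_flags or must_clear & tcp_flags:
                continue
        return rule.action, rule.index
    # No record matched: the implicit final "deny any any any" applies.
    return "deny", None

# Constructed sample records, deliberately listed out of index order.
RULES = [
    Rule(index=30, action="permit", dst_port=23),
    Rule(index=10, action="deny", dst_port=23, flags="+syn-ack"),
    Rule(index=20, action="permit", dst_port=80),
]
```

With these records, a bare SYN to port 23 is caught by index 10 before the broader permit at index 30 is reached, and traffic to a port with no record falls through to the implicit deny.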
Table 5.243—Configuration commands for IP-based ACLs
permit protocol
{any|source_ip source_ip_wildcard}
{any|destination_ip destination_ip_wildcard}
[dscp dscp | precedence precedence]
[time-range range_name] [index index]
[offset-list offset_list_name]
Adds a permit filtration record for a protocol. Packets which fulfil the
record's requirements will be processed by the switch.
permit ip
{any|source_mac source-mac-wildcard}
{any|destination_mac destination_mac_wildcard}
{any|source_ip source_ip_wildcard}
{any|destination_ip destination_ip_wildcard}
[dscp dscp | precedence precedence]
[time-range range_name] [index index]
[offset-list offset_list_name]
Adds a permit filtration record for the IP protocol. Packets which fulfil the
record's requirements will be processed by the switch.
permit icmp
{any|source_ip source_ip_wildcard}
{any|destination_ip destination_ip_wildcard}
{any|icmp_type}
{any|icmp_code}
[dscp dscp | ip-precedence precedence]
[time-range range_name] [index index]
[offset-list offset_list_name]
Adds a permit filtration record for the ICMP protocol. Packets which fulfil
the record's requirements will be processed by the switch.