200 MES3000 Ethernet switch series
Type of ICMP messages used for filtering ICMP packets.
Possible values of the icmp_type field: echo-reply,
destination-unreachable, source-quench, redirect,
alternate-host-address, echo-request, router-advertisement,
router-solicitation, time-exceeded, parameter-problem, timestamp,
timestamp-reply, information-request, information-reply,
address-mask-request, address-mask-reply, traceroute,
datagram-conversion-error, mobile-host-redirect,
mobile-registration-request, mobile-registration-reply,
domain_name-request, domain_name-reply, skip, photuris or the
message type number (0–255).
Code of ICMP messages used for filtering ICMP packets.
Possible values of the icmp_code field: 0–255.
Type of IGMP messages used for filtering IGMP packets.
Possible values of the igmp_type field: host-query,
host-report, dvmrp, pim, cisco-trace, host-report-v2,
host-leave-v2, host-report-v3 or the message type number (0–255).
Possible values of the TCP port field: bgp (179),
chargen (19), daytime (13), discard (9), domain (53), drip
(3949), echo (7), finger (79), ftp (21), ftp-data (20), gopher
(70), hostname (42), irc (194), klogin (543), kshell (544), lpd
(515), nntp (119), pop2 (109), pop3 (110), smtp (25), sunrpc
(111), syslog (514), tacacs-ds (49), talk (517), telnet (23), time
(37), uucp (117), whois (43), www (80);
for the UDP port field: biff (512), bootpc (68), bootps (67), discard (9),
dnsix (90), domain (53), echo (7), mobile-ip (434), nameserver
(42), netbios-dgm (138), netbios-ns (137), on500-isakmp
(4500), ntp (123), rip (520), snmp (161), snmptrap (162),
sunrpc (111), syslog (514), tacacs-ds (49), talk (517), tftp (69),
time (37), who (513), xdmcp (177).
Any number (0–65535).
If a flag should be set for a filtering rule, "+" is specified
before the flag; otherwise "-" is specified. Possible flags: +urg,
+ack, +psh, +rst, +syn, +fin, -urg, -ack, -psh, -rst, -syn, and -fin.
If several flags are used in the same filtering rule, they are
written on one line without spaces. For example: +fin-ack.
Disables the port used to send a packet that matches the
conditions of a deny command in which this field is specified.
Enables logging of a message when a packet that matches
the record is received.
Name of the user templates list.
Specifies that the user templates list should be used for
packet recognition. Every ACL may have its own templates list
defined.
The index indicates the position of the rule in the list and its priority.
The lower the index, the higher the priority. The possible
values are 1–2,147,483,647.
To select the whole range of a parameter, except for dscp and ip-precedence, the any
parameter is used.
As soon as at least one record has been added to an ACL, the last record is set by default to
deny any any any, which means that all packets that do not match the ACL records will be
dropped.
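The index ordering, the implicit final deny and the flag-list syntax described above can be modelled in a few lines of Python. This is an added illustration, not code from the switch or its vendor; the rule dictionaries, the sample addresses, the treatment of unlisted flags as "don't care" and of wildcard bits set to 1 as ignored are assumptions.

```python
import ipaddress

# TCP header flag bits; the names follow the flag list in the parameter description.
FLAG_BITS = {"fin": 0x01, "syn": 0x02, "rst": 0x04, "psh": 0x08, "ack": 0x10, "urg": 0x20}

def parse_flags(spec):
    """Parse a flag list such as '+fin-ack' into (must_be_set, must_be_clear) bit masks."""
    must_set = must_clear = 0
    for i in range(0, len(spec), 4):          # every item is a sign plus a 3-letter name
        sign, name = spec[i], spec[i + 1:i + 4]
        if sign not in ("+", "-") or name not in FLAG_BITS:
            raise ValueError(f"bad flag list: {spec!r}")
        if sign == "+":
            must_set |= FLAG_BITS[name]
        else:
            must_clear |= FLAG_BITS[name]
    return must_set, must_clear

def addr_match(spec, ip):
    """spec is 'any' or (address, wildcard); wildcard bits set to 1 are ignored (assumption)."""
    if spec == "any":
        return True
    addr, wildcard = (int(ipaddress.IPv4Address(x)) for x in spec)
    return ((int(ipaddress.IPv4Address(ip)) ^ addr) & ~wildcard & 0xFFFFFFFF) == 0

def evaluate(acl, pkt):
    """Return (action, index) of the first matching rule; the lowest index is checked first."""
    for rule in sorted(acl, key=lambda r: r["index"]):
        if rule["proto"] not in ("any", pkt["proto"]):
            continue
        if not (addr_match(rule["src"], pkt["src"]) and addr_match(rule["dst"], pkt["dst"])):
            continue
        if "flags" in rule:
            must_set, must_clear = parse_flags(rule["flags"])
            flags = pkt.get("flags", 0)
            if (flags & must_set) != must_set or (flags & must_clear):
                continue
        return rule["action"], rule["index"]
    # The implicit "deny any any any" exists only once the ACL holds at least one record.
    return ("deny", None) if acl else (None, None)

# Constructed sample ACL (hypothetical rules, documentation addresses), listed out of order on purpose.
SAMPLE_ACL = [
    {"index": 20, "action": "permit", "proto": "tcp", "src": "any",
     "dst": ("192.0.2.0", "0.0.0.255")},
    {"index": 10, "action": "deny", "proto": "tcp", "src": "any",
     "dst": ("192.0.2.0", "0.0.0.255"), "flags": "+syn-ack"},
]
```

With this sample, a bare SYN to 192.0.2.5 is dropped by index 10, a SYN+ACK falls through to the permit at index 20, and any non-TCP packet reaches the implicit deny.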
Table 5.247 Configuration commands for IP-based ACLs
permit protocol
{any|source source_wildcard}
{any|destination destination_wildcard}
[dscp dscp | precedence precedence]
[time-range time_name] [index index]
[offset-list offset_list_name]
Adds a permit filtering record for a protocol. Packets that match the
record's conditions will be processed by the switch.