202 MES3000 Ethernet switch series
deny ip
{any|source_mac source-mac-wildcard}
{any|destination_mac
destination_mac_wildcard}
{any|source_ip source_ip_wildcard}
{any|destination_ip destination_ip_wildcard}
[dscp dscp | precedence precedence]
[time-range range_name] [disable-port|log-
input] [index index] [offset-list offset_list_name]
[vlan vlan_id]
Add a deny filtration record for the ARP. Packets which fulfil the record's
requirements will be blocked by the switch. If the disable-port keyword is
specified, the physical interface having received the packet will be
disabled.
If the log-input keyword is specified, the physical a message will be sent
to the system log.
deny icmp {any|source source_wildcard}
{any|destination destination_wildcard}
{any|icmp_type} {any|icmp_code}
[dscp dscp | precedence precedence]
[time-range time_name]
[disable-port|log-input]
[index index] [offset-list offset_list_name]
Adds a deny filtration record for the ICMP. Packets which fulfil the
record's requirements will be blocked by the switch. If the disable-port
keyword is specified, the physical interface receiving the packet will be
disabled.
If the log-input keyword is specified, the physical a message will be sent
to the system log.
deny igmp {any|source source_wildcard}
{any|destination destination_wildcard}
[igmp_type]
[dscp dscp | precedence precedence]
[time-range time_name]
[disable-port|log-input] [index index]
[offset-list offset_list_name]
Adds a deny filtration record for the IGMP. Packets which fulfil the
record's requirements will be blocked by the switch. If the disable-port
keyword is specified, the physical interface receiving the packet will be
disabled. If the log-input keyword is specified, the physical a message will
be sent to the system log.
deny tcp {any| source source_wildcard}
{any|source_port}
{any|destination destination_wildcard}
{any|destination_port}
[dscp dscp | precedence precedence]
[match-all list_of_flags]
[time-range time_name]
[disable-port|log-input] [index index]
[offset-list offset_list_name]
Adds a deny filtration record for the TCP. Packets which fulfil the record's
requirements will be blocked by the switch. If the disable-port keyword is
specified, the physical interface receiving the packet will be disabled. If
the log-input keyword is specified, the physical a message will be sent to
the system log.
deny udp {any| source source_wildcard}
{any| source_port}
{any|destination destination_wildcard}
{any|destination_port}
[dscp dscp | precedence precedence]
[time-range time_name]
[disable-port|log-input] [index index]
[offset-list offset_list_name]
Adds a deny filtration record for the UDP. Packets which fulfil the record's
requirements will be blocked by the switch. If the disable-port keyword is
specified, the physical interface receiving the packet will be disabled.
offset-list offset_list_name {offset_base offset
mask value} …
Creates a user templates list with the name specified in the name field.
The name should contain from 1 to 32 characters.
One command may contain up to 13 templates (depends on the selected
system mode) having the following parameters:
offset_base—basic offset. Possible values:
L3—beginning of the IPv4 header.
L4—end of the IPv4 header.
offset—byte offset within a packet. Basic offset is considered as a starting
point.
mask—mask. Packet analysis is performed only for the bytes digits which
have "1" specified as defined in the mask.
value—the set value.
no offset-list offset_list_name
Removes a previously created list.
5.29.2 IPv6 ACL Configuration
The section provides values and description of main parameters which are used in IPv6 ACL
configuration commands.
In order to create an IPv6 ACL and enter its configuration mode, use the following command: ipv6
access-list access-list. For example, to create the MESipv6 ACL, the following commands should
be executed:
To Next Page
Loading...
