MES53xx, MES33xx, MES23xx Ethernet Switch Series 180
[match-all list_of_flags] [ace-priority index]
permit udp {any | source_prefix/length}
{any | source_port}
{any | destination_prefix/length}
{any | destination_port}
[dscp dscp | precedence precedence]
[time-range time_name] [ace-priority index]
Add a permit filtering entry for UDP. The packets that meet the entry's
conditions will be processed by the switch.
deny protocol {any | source_prefix/length}
{any | destination_prefix/length}
[dscp dscp | precedence precedence]
[time-range time_name]
[disable-port | log-input] [ace-priority index]
Add a deny filtering entry for a protocol. The packets that meet the entry's
conditions will be blocked by the switch. If the disable-port keyword is
specified, the physical interface receiving the packet will be disabled. If
the log-input keyword is specified, a message will be sent to the system
log.
deny icmp {any | source_prefix/length}
{any | destination_prefix/length}
{any | icmp_type} {any | icmp_code}
[dscp dscp | precedence precedence]
[time-range time_name]
[disable-port | log-input] [ace-priority index]
Add a deny filtering entry for ICMP. The packets that meet the entry's
conditions will be blocked by the switch. If the disable-port keyword is
specified, the physical interface receiving the packet will be disabled. If
the log-input keyword is specified, a message will be sent to the system
log.
deny tcp {any | source_prefix/length}
{any | source_port}
{any | destination_prefix/length}
{any | destination_port}
[dscp dscp | precedence precedence]
[match-all list_of_flags]
[time-range time_name]
[disable-port | log-input] [ace-priority index]
Add a deny filtering entry for TCP. The packets that meet the entry's
conditions will be blocked by the switch. If the disable-port keyword is
specified, the physical interface receiving the packet will be disabled. If
the log-input keyword is specified, a message will be sent to the system
log.
deny udp {any | source_prefix/length}
{any | source_port}
{any | destination_prefix/length}
{any | destination_port}
[dscp dscp | precedence precedence]
[match-all list_of_flags]
[time-range time_name]
[disable-port | log-input] [ace-priority index]
Add a deny filtering entry for UDP. The packets that meet the entry's
conditions will be blocked by the switch. If the disable-port keyword is
specified, the physical interface receiving the packet will be disabled. If
the log-input keyword is specified, a message will be sent to the system
log.
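The deny entries above differ only in their optional side effect (disable-port or log-input), which is easy to overlook when reviewing a long ACL. The following Python script is an added example, not part of the manual: it classifies ACE lines using only the keywords shown in the syntax above. The sample entries, port numbers and 2001:db8::/32 prefixes are constructed for illustration.

```python
# Added example; sample entries are constructed (2001:db8::/32 is a documentation range).
SIDE_EFFECTS = {"disable-port": "receiving interface disabled",
                "log-input": "message sent to system log"}

SAMPLE_ACL = """\
permit udp any any 2001:db8:10::/64 53 ace-priority 20
deny udp any any 2001:db8:10::/64 161 log-input ace-priority 40
deny icmp any 2001:db8:10::/64 any any disable-port ace-priority 60
deny tcp any any any 23 ace-priority 80
permit udp any any any any log-input ace-priority 100
"""


def audit_ace(line):
    """Classify one permit/deny entry and list anything the syntax does not allow."""
    tokens = line.split()
    if len(tokens) < 2 or tokens[0] not in ("permit", "deny"):
        raise ValueError(f"not a permit/deny entry: {line!r}")
    action, protocol = tokens[0], tokens[1]
    found = [t for t in tokens[2:] if t in SIDE_EFFECTS]
    problems = []
    # The permit syntax on this page shows neither keyword.
    if action == "permit" and found:
        problems.append(f"{found[0]} is only shown for deny entries")
    # The syntax gives the two keywords as alternatives: [disable-port | log-input].
    if len(set(found)) > 1:
        problems.append("disable-port and log-input are alternatives")
    priority = None
    if "ace-priority" in tokens:
        i = tokens.index("ace-priority") + 1
        if i < len(tokens) and tokens[i].isdigit():
            priority = int(tokens[i])
    if action == "permit":
        effect = "processed"
    elif found:
        effect = "blocked; " + SIDE_EFFECTS[found[0]]
    else:
        effect = "blocked only"
    return {"action": action, "protocol": protocol, "effect": effect,
            "priority": priority, "problems": problems}


def audit_acl(text):
    """Audit every non-empty line of an ACL listing."""
    return [audit_ace(line) for line in text.splitlines() if line.strip()]


if __name__ == "__main__":
    for entry in audit_acl(SAMPLE_ACL):
        print(entry)
```

Entries reported with "receiving interface disabled" deserve a second look during review, since a single matching packet takes the physical port down.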
11.3.3 MAC-based ACL Configuration
This section describes the main parameters of the MAC-based ACL
configuration commands and their values.
In order to create a MAC-based ACL and enter its configuration mode, use the following command:
mac access-list extended access-list. For example, to create an ACL named MESmac,
execute the following command:
console#
console# configure
console(config)# mac access-list extended MESmac
console(config-mac-al)#
Table 5.208. Main command parameters
Create a ‘permit’ filtering rule in the ACL.
Create a ‘deny’ filtering rule in the ACL.
Define MAC address of the packet source.
The bit mask applied to the source MAC address of the packet.
The mask specifies the bits of the MAC address which should
be ignored. “1” indicates an ignored bit. For example, the
mask can be used to specify a MAC address range that will be