To Next Page

To Previous Page

Configuring Access Lists access-list (extended)

24-18 Security Configuration

To apply ACL restrictions to IP, UDP, or ICMP packets:

access-list access-list-number {deny | permit} protocol source [source-wildcard]

[operator [port]] destination [destination-wildcard] [operator [port]]

[tos-extensions][icmp-type [icmp-code] [log]

To apply ACL restrictions to TCP packets:

access-list access-list-number {deny | permit} protocol source [source-wildcard]

[operator [port]] destination [destination-wildcard] [operator [port]]

[tos-extensions][icmp-type [icmp-code] [established] [log]

no access-list access-list-number [entry]

Parameters

access‐list‐number Specifiesanextendedaccesslistnumber.Validvaluesarefrom100to

199.

insert|replaceentry (Optional)Insertsthisnewentrybeforeaspecifiedentryinanexisting

ACL,orreplacesaspecifiedentrywiththisnewentry.

log1‐5000|all EnablesyslogforACLentry

hits.Enablesyslogforsequentialnumbers

ofACLentriesorforallACLentries.

movedestination

source1source2

(Optional)Movesasequenceofaccesslistentriesbeforeanotherentry. 

Destinationisthenumberoftheexistingentrybeforewhichthisnew

entrywillbemoved.Source1isasingleentrynumberor

thefirstentry

numberintherangetobemoved.Source2(optional)isthelastentry

numberintherangetobemoved.Ifnotspecified,onlythesource1entry

willbemoved.

deny|permit Deniesorpermitsaccessifspecifiedconditionsaremet.

protocol SpecifiesanIPprotocolforwhich

todenyorpermitaccess.Validvalues

andtheircorrespondingprotocolsare:

•0–255‐AnyIPprotocolnumber,aslistedinhttp://www.iana.org/

assignments/protocol‐numbers

• ip‐AnyInternetprotocol

• icmp‐InternetControlMessageProtocol

• udp‐UserDatagramProtocol

• tcp‐TransmissionProtocol

• ah‐AuthenticationHeaderProtocol

• esp‐EncapsulationSecurityPayload

• gre

‐GenericRouterEncapsulationProtocol

source Specifiesthenetworkorhostfromwhichthepacketwillbesent.Valid

optionsforexpressingsourceare:

•IPaddressorrangeofaddresses(A.B.C.D)

• any‐Anysourcehost

• hostsource‐IPaddressofasinglesourcehost

source‐wildcard (Optional)Specifiesthebitstoignorein

thesourceaddress.

Brand	Enterasys
Model	Matrix DFE-Gold Series
Category	Switch
Language	English

Enterasys Matrix DFE-Gold Series User Manual

Table of Contents

Questions and Answers:

Enterasys Matrix DFE-Gold Series Specifications

Related product manuals