Enterasys Matrix DFE-Gold Series - Page 822

944 pages

To Next Page

To Next Page

To Previous Page

To Previous Page

Loading...

Configuring Access Lists access-list (extended)

24-18 Security Configuration

To apply ACL restrictions to IP, UDP, or ICMP packets:

access-list access-list-number {deny | permit} protocol source [source-wildcard]

[operator [port]] destination [destination-wildcard] [operator [port]]

[tos-extensions][icmp-type [icmp-code] [log]

To apply ACL restrictions to TCP packets:

access-list access-list-number {deny | permit} protocol source [source-wildcard]

[operator [port]] destination [destination-wildcard] [operator [port]]

[tos-extensions][icmp-type [icmp-code] [established] [log]

no access-list access-list-number [entry]

Parameters

access‐list‐number Specifiesanextendedaccesslistnumber.Validvaluesarefrom100to

199.

insert|replaceentry (Optional)Insertsthisnewentrybeforeaspecifiedentryinanexisting

ACL,orreplacesaspecifiedentrywiththisnewentry.

log1‐5000|all EnablesyslogforACLentry

hits.Enablesyslogforsequentialnumbers

ofACLentriesorforallACLentries.

movedestination

source1source2

(Optional)Movesasequenceofaccesslistentriesbeforeanotherentry. 

Destinationisthenumberoftheexistingentrybeforewhichthisnew

entrywillbemoved.Source1isasingleentrynumberor

thefirstentry

numberintherangetobemoved.Source2(optional)isthelastentry

numberintherangetobemoved.Ifnotspecified,onlythesource1entry

willbemoved.

deny|permit Deniesorpermitsaccessifspecifiedconditionsaremet.

protocol SpecifiesanIPprotocolforwhich

todenyorpermitaccess.Validvalues

andtheircorrespondingprotocolsare:

•0–255‐AnyIPprotocolnumber,aslistedinhttp://www.iana.org/

assignments/protocol‐numbers

• ip‐AnyInternetprotocol

• icmp‐InternetControlMessageProtocol

• udp‐UserDatagramProtocol

• tcp‐TransmissionProtocol

• ah‐AuthenticationHeaderProtocol

• esp‐EncapsulationSecurityPayload

• gre

‐GenericRouterEncapsulationProtocol

source Specifiesthenetworkorhostfromwhichthepacketwillbesent.Valid

optionsforexpressingsourceare:

•IPaddressorrangeofaddresses(A.B.C.D)

• any‐Anysourcehost

• hostsource‐IPaddressofasinglesourcehost

source‐wildcard (Optional)Specifiesthebitstoignorein

thesourceaddress.

Table of Contents

Related product manuals

Preview: Enterasys Matrix 2G4072-52

Enterasys Matrix 2G4072-52

Preview: Enterasys Matrix E1 1H582-51

Enterasys Matrix E1 1H582-51

Enterasys Matrix E1 1G694-13

Preview: Enterasys Matrix-V V2H124-24

Enterasys Matrix-V V2H124-24

Preview: Enterasys C3G124-24

Enterasys C3G124-24

Preview: Enterasys B5G124-24

Enterasys B5G124-24

Enterasys A4H124-48P

Preview: Enterasys B5G124-24P2

Enterasys B5G124-24P2

Preview: Enterasys SecureStack C2

Enterasys SecureStack C2

Enterasys SSA-G1018-0652

Preview: SecureStack B3 B3G124-24P

SecureStack B3 B3G124-24P

Preview: SecureStack B2 B2G124-48P

SecureStack B2 B2G124-48P