850 ExtremeWare Software 7.3.0 Command Reference Guide
Security Commands
create access-list ip destination source ports
create access-list <name> ip destination [<dest_ipaddress>/<mask> | any]
source [<src_ipaddress>/<src_mask> | any] [permit {<qosprofile>} | deny]
ports [<portlist> | any] {precedence <prec_number>}
Description
Creates a named IP access list that applies to all IP traffic.
Syntax Description
Default
N/A.
Usage Guidelines
The access list is applied to all ingress packets.
Example
The following example defines an access list entry allow102 with precedence 40 that permits all traffic on
any ingress ports to the
10.2.x.x subnet
, and assigns QoS profile Qp3 to those packets:
create access-list allow102 ip dest 10.2.0.0/16 source 0.0.0.0/0 permit qosprofile qp3
ports any precedence 40
The following command defines a default entry that is used to specify an explicit deny:
create access-list denyall ip dest 0.0.0.0/0 source 0.0.0.0/0 deny ports any
History
This command was first available in ExtremeWare 6.0, and replaced the
configure ipqos
command.
name Specifies the access list name. The access list name can be between 1 and
31 characters.
dest_ipaddress/mask Specifies an IP destination address and subnet mask. A mask length of 32
indicates a host entry.
any specifies that any address will match.
src_ipaddress/src_mask Specifies a source IP address and subnet mask.
any specifies that any address will match.
permit Specifies that packets that match the access list description are permitted to
be forward by this switch.
qosprofile Specifies an optional QoS profile can be assigned to the access list, so that
the switch can prioritize packets accordingly.
deny Specifies that packets that match the access list description are filtered
(dropped) by the switch.
portlist Specifies the ingress port(s) on which this rule is applied.
any specifies that the rule will be applied to all ports.
prec_number Specifies the access list precedence number. The range is 1 to 25,600.
To Next Page
Loading...