EasyManua.ls Logo

Extreme Networks Summit 200-24 - Access Control List Configuration Commands

Extreme Networks Summit 200-24
258 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
Using Access Control Lists
Summit 200 Series Switch Installation and User Guide 107
Table 30: Access Control List Configuration Commands
Command Description
create access-list <name>
access-mask <access-mask name>
{dest-mac <dest_mac>}
{source-mac <src_mac>}
{vlan <name>}
{ethertype [IP | ARP | <hex_value>]}
{tos <ip_precedence>
| code-point <code_point>}
{ipprotocol
[tcp|udp|icmp|igmp|<protocol_num>]}
{dest-ip <dest_IP>/<mask length>}
{dest-L4port <dest_port>}
{source-ip <src_IP>/<mask length>}
{source-L4port <src_port> | {icmp-type
<icmp_type>} {icmp-code <icmp_code>}}
{egressport <port>}
{ports <portlist>}
[permit {qosprofile <qosprofile>} {set
code-point <code_point>} {set dot1p
<dot1p_value>}
| permit-established
| deny]
Creates an access list. The list is applied to all
ingress packets. Options include:
<name>Specifies the access control list
name. The access list name can be between
1 and 31 characters.
access-maskSpecifies the associated
access mask. Any field specified in the
access mask must have a corresponding
value specified in the access list.
dest-macSpecifies the destination MAC
address.
source-macSpecifies the source MAC
address.
vlanSpecifies the VLANid.
ethertypeSpecify IP, ARP, or the hex
value to match.
tosSpecifies the IP precedence value.
code-pointSpecifies the DiffServ code
point value.
ipprotocolSpecify an IP protocol, or the
protocol number
dest-ipSpecifies an IP destination
address and subnet mask. A mask length of
32 indicates a host entry.
dest-L4portSpecify the destination port.
source-ipSpecifies an IP source address
and subnet mask.
source-L4portSpecify the source port.
icmp-typeSpecify the ICMP type.
icmp-codeSpecify the ICMP code.
egressportSpecify the egress port
portsSpecifies the ingress port(s) on
which this rule is applied.
permitSpecifies the packets that match
the access list description are permitted to be
forward by this switch. An optional QoS profile
can be assigned to the access list, so that the
switch can prioritize packets accordingly.
setModify the DiffServ code point and/or
the 802.1p value for matching packets.
permit-establishedSpecifies a
uni-directional session establishment is
denied.
denySpecifies the packets that match the
access list description are filtered (dropped)
by the switch.

Table of Contents

Other manuals for Extreme Networks Summit 200-24

Preview: Hardware Installation Guide
Hardware Installation Guide112 pages

Related product manuals