280
<source-wildcard> }|any-source| {host-source <source-host-ip> }}[s-port{ <port1> |
range <sPortMin> <sPortMax> }] {{ <destination>
<destination-wildcard> }|any-destination| {host-destination
<destinati
on-host-ip>
}}[d-port
{ <port3>
| range
<dPortMin>
<dPortMax>
}]
[precedence <precedence> ] [tos <tos> ][time-range <time-range-name> ]
access-list <num> {deny|permit}{any-source-mac| {host-source-mac
<host_smac> }|{ <smac> <smac-mask> }}
{any-destination-mac|{host-destination-mac <host_dmac> }|{ <dmac>
<dmac-mask> }} {eigrp|gre|igrp|ip|ipinip|ospf|{ <protocol-num> }} {{ <source>
<source-wildcard> }|any-source|{host-source <source-host-ip> }} {{ <destination>
<destination-wildcard> }|any-destination| {host-destination <destination-host-ip> }}
[precedence <precedence> ] [tos <tos> ][time-range <time-range-name> ]
Functions: Define a extended numeric MAC-IP ACL rule, ‗No‘ command deletes a
extended numeric MAC-IP ACL access-list rule.
Parameters: num access-list serial No. this is a decimal‘s No. from 3100-3299;deny if
rules are matching, deny to access; permit if rules are matching, permit to access;
any-source-mac: any source MAC address; any-destination-mac: any destination MAC
address; host_smac , smac: source MAC address; smac-mask: mask (reverse mask) of
source MAC address ; host_dmac , dmas destination MAC address; dmac-mask mask
(reverse mask) of destination MAC address; protocol No. of name or IP protocol. It can
be a key word: eigrp, gre, icmp, igmp, igrp, ip, ipinip, ospf, tcp, or udp, or an integer from
0-255 of list No. of IP address. Use key word ‗ip‘ to match all Internet protocols (including
ICMP, TCP, AND UDP) list; source-host-ip, source No. of source network or source
host of packet delivery. Numbers of 32-bit binary system with dotted decimal notation
expression; host: means the address is the IP address of source host, otherwise the IP
address of network; source-wildcard: reverse of source IP. Numbers of 32-bit binary
system expressed by decimal‘s numbers with four-point separated, reverse mask;
destination-host-ip, destination No. of destination network or host to which packets are
delivered. Numbers of 32-bit binary system with dotted decimal notation expression; host:
means the address is the that the destination host address, otherwise the network IP
address; destination-wildcard: mask of destination. I Numbers of 32-bit binary system
expressed by decimal‘s numbers with four-point separated, reverse mask;
s-port(optional): means the need to match TCP/UDP source port; port1(optional): value
of TCP/UDP source interface No., Interface No. is an integer from 0-65535;
d-port(optional): means need to match TCP/UDP destination interface; <sPortMin>, the
down boundary of source port; <sPortMax>, the up boundary of source port;
port3(optional): value of TCP/UDP destination interface No., Interface No. is an integer
To Next Page
Loading...
