292
numeric MAC-IP ACL access-list rule.
Parameters: num access-list serial No. this is a decimal‘s No. from 3100-3199; deny if
rules are matching, deny to access; permit if rules are matching, permit to access;
any-source-mac: any source MAC address; any-destination-mac: any destination MAC
address; host_smac, smac: source MAC address; smac-mask: mask (reverse mask) of
source MAC address ; host_dmac , dmas destination MAC address; dmac-mask mask
(reverse mask) of destination MAC address; protocol No. of name or IP protocol. It can
be a key word: eigrp, gre, icmp, igmp, igrp, ip, ipinip, ospf, tcp, or udp, or an integer from
0-255 of list No. of IP address. Use key word ‗ip‘ to match all Internet protocols (including
ICMP, TCP, AND UDP) list; source-host-ip, source No. of source network or source host
of packet delivery. Numbers of 32-bit binary system with dotted decimal notation
expression; host: means the address is the IP address of source host, otherwise the IP
address of network; source-wildcard: reverse of source IP. Numbers of 32-bit binary
system expressed by decimal‘s numbers with four-point separated, reverse mask;
destination-host-ip, destination No. of destination network or host to which packets are
delivered. Numbers of 32-bit binary system with dotted decimal notation expression; host:
means the address is that the destination host address, otherwise the network IP address;
destination-wildcard: mask of destination. I Numbers of 32-bit binary system expressed
by decimal‘s numbers with four-point separated, reverse mask; s-port(optional): means
the need to match TCP/UDP source port; port1(optional): value of TCP/UDP source
interface No., Interface No. is an integer from 0-65535; <sPortMin>, the down boundary
of source port; <sPortMax>, the up boundary of source port; d-port(optional): means need
to match TCP/UDP destination interface; port3(optional): value of TCP/UDP destination
interface No., Interface No. is an integer from 0-65535; <dPortMin>, the down boundary
of destination port; <dPortMax>, the up boundary of destination port; [ack] [fin] [psh] [rst]
[urg] [syn], (optional) only for TCP protocol, multi-choices of tag positions are available,
and when TCP data reports the configuration of corresponding position, then initialization
of TCP data report is enabled to form a match when in connection; precedence (optional)
packets can be filtered by priority which is a number from 0-7; tos (optional) packets can
be filtered by service type which ia number from 0-15; icmp-type (optional) ICMP
packets can be filtered by packet type which is a number from 0-255; icmp-code
(optional) ICMP packets can be filtered by packet code which is a number from 0-255;
igmp-type (optional) ICMP packets can be filtered by IGMP packet name or packet type
which is a number from 0-255; <time-range-name>, name of time range.
Command Mode: Name extended MAC-IP access-list configuration mode
Default: No access-list configured.
Examples: Deny the passage of UDP packets with any source MAC address and
To Next Page
Loading...
