© 2011 Fujitsu Technology Solutions 
10.18.2.5 access-list 
This command creates an Access Control List (ACL) that is identified by the <accesslistnumber> parameter.
 
Syntax 
 
access-list {(<1-99> {deny | permit} {every | <srcip> <srcmask>}) | ( {<100-199> {deny | permit} {every
| {{icmp | igmp | ip | tcp | udp | <number>} any | <srcip> <srcmask> [{eq {<portvalue> | <portkey>}]( any
| <dstip> <dstmask>) [{eq {<portvalue> | <portkey>}] {[precedence <precedence>] | [tos <tos>
<tosmask>] | [dscp <dscp>] [log] [assign-queue <queue-id>] [{mirror | redirect} <slot/port>]
[<rule-id>]}}}})}
 
<accesslistnumber>. The ACL number is an integer from 1 to 199. The range 1 to 99 is for the normal 
ACL List and 100 to 199 is for the extended ACL List.   
 
permit or deny. Each ACL rule is created with one of these two options. The protocol to filter for an ACL
rule is specified by giving the protocol to be used, such as icmp, igmp, ip, tcp, or udp. The srcip and
srcmask parameters specify the source IP address and source mask for the match condition of the ACL
rule. The port value parameter specifies the source layer 4 port match condition for the ACL rule.
 
<portvalue> uses a single keyword notation and currently has the values of domain, echo, ftp, ftpdata,
http, smtp, snmp, telnet, tftp, and www. Each of these values translates into its equivalent port number,
which is used as both the start and end of a port range. The dstip and dstmask parameters specify the
destination IP address and destination mask for the match condition of the ACL rule. The tos, tosmask,
and dscp parameters specify the TOS for an ACL rule depending on a match of precedence or DSCP
values.
 
Default Setting 
None 
Command Mode 
Global Config
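
The following Python sketch is an added example, not part of the original manual or of the switch firmware: it parses access-list lines from a saved configuration according to the syntax above, so that rules can be reviewed offline. The function names are hypothetical, the keyword port numbers are the IANA well-known assignments (the page lists only the keywords), masks are syntax-checked but not interpreted, and trailing options are kept verbatim.

```python
import ipaddress
# IANA well-known ports for the keywords the page lists (the numbers are not on the page).
PORT_KEYWORDS = {"domain": 53, "echo": 7, "ftp": 21, "ftpdata": 20, "http": 80,
                 "smtp": 25, "snmp": 161, "telnet": 23, "tftp": 69, "www": 80}
PROTOCOLS = {"icmp", "igmp", "ip", "tcp", "udp"}

def _address(tokens, allow_any=True):
    """Consume 'any' or '<ip> <mask>'; a missing or malformed quad raises ValueError."""
    if allow_any and tokens[:1] == ["any"]:
        return "any", tokens[1:]
    ip, mask = (str(ipaddress.IPv4Address(t)) for t in tokens[:2])
    return (ip, mask), tokens[2:]

def _port(tokens):
    """Consume an optional 'eq <port>' and return it as a (start, end) range."""
    if tokens[:1] != ["eq"]:
        return None, tokens
    if len(tokens) < 2:
        raise ValueError("eq needs a port value or keyword")
    port = PORT_KEYWORDS[tokens[1]] if tokens[1] in PORT_KEYWORDS else int(tokens[1])
    if not 0 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    return (port, port), tokens[2:]

def parse_acl(line):
    """Parse one access-list command into a dict; raise ValueError if it is malformed."""
    tokens = line.split()
    if len(tokens) < 4 or tokens[0] != "access-list" or tokens[2] not in ("permit", "deny"):
        raise ValueError("expected: access-list <number> {deny | permit} ...")
    number, action, rest = int(tokens[1]), tokens[2], tokens[3:]
    if not 1 <= number <= 199:
        raise ValueError(f"ACL number out of range: {number}")
    rule = {"number": number, "action": action, "extended": number >= 100}
    if rest == ["every"]:
        return {**rule, "match": "every"}
    if not rule["extended"]:  # 1-99: only <srcip> <srcmask> may follow
        rule["src"], rest = _address(rest, allow_any=False)
        if rest:
            raise ValueError(f"unexpected tokens in normal ACL: {rest}")
        return rule
    if rest[0] not in PROTOCOLS and not rest[0].isdigit():
        raise ValueError(f"bad protocol: {rest[0]}")
    rule["protocol"] = rest[0]
    rule["src"], rest = _address(rest[1:])
    rule["src_port"], rest = _port(rest)
    rule["dst"], rest = _address(rest)
    rule["dst_port"], rest = _port(rest)
    rule["options"] = rest  # precedence/tos/dscp/log/... kept verbatim, not validated
    return rule
```

A ValueError on any line of a saved configuration marks a rule to check by hand before relying on the ACL.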