If the Port keyword is used, the rule applies to the specified port only. If the Policy keyword is
used, the rule applies to all ports configured with the specified policy. The default is that the rule
applies to all ports.
Syntax:
Security Network ACL
Add [<ace_id>] [<ace_id_
next>] [switch | (port <p
ort_list>) | (policy
<policy>)] [<tagged>] [<vid>] [<tag_prio>] [<dmac_type>] [(etype [<etype>] [<smac>] [<dmac>])
| (arp
[<sip>] [<di
p>] [<smac
>] [<arp_opc
ode>] [<ar
p_flags>])
| (ip [<si
p>] [<dip
>] [<protocol
>]
[<ip_flags>]) | (icmp [<sip>] [<dip>] [<icmp_type>] [<icmp_code>] [<ip_flags>]) | (udp [<sip>]
[<dip>] [<sport>] [<dport>] [<ip_flags>]) | (tcp [<sip>] [<dip>] [<sport>] [<dport>] [<ip_flags>]
[<tcp_flags>])] [permit|deny] [<rate_limiter>] [<port_copy>] [<mirror>] [<logging>]
[<shutdown>]
Parameters:
<ace_id> : ACE ID (1-256), default: Next available ID
<ace_id_next> : Next ACE ID (1-256), default: Add ACE last
switch : Switch ACE keyword
port : Port ACE keyword
<port_list> : Port list or 'all', default: All ports
policy : Policy ACE keyword
<policy> : Policy number (1-8)
<tagged> : Tagged of frames: any|enable|disable
<vid> : VLAN ID (1-4095) or 'any'
<tag_prio> : VLAN tag priority (0-7) or 'any'
<dmac_type> : DMAC type: any|unicast|multicast|broadcast
Etype : Ethernet Type keyword
<Etype> : Ethernet Type: 0x600 - 0xFFFF or 'any' but excluding,
0x800(IPv4) 0x806(ARP) and 0x86DD (IPv6)
<Smac> : Source MAC address (xx-xx-xx-xx-xx-xx) or 'any'
<Dmac> : Destination MAC address (xx-xx-xx-xx-xx-xx) or 'any'
Arp : ARP keyword
<Sip> : Source IP address (a.b.c.d/n) or 'any'
<Dip> : Destination IP address (a.b.c.d/n) or 'any'
<arp_opcode>: ARP operation code: any|arp|rarp|other
<arp_flags> : ARP flags: request|smac|tmac|len|ip|ether [0|1|any]
ip : IP keyword
<protocol> : IP protocol number (0-255) or 'any'
<ip_flags> : IP flags: ttl|options|fragment [0|1|any]
icmp : ICMP keyword
<icmp_type> : ICMP type number (0-255) or 'any'
<icmp_code> : ICMP code number (0-255) or 'any'
To Next Page
Loading...