Ruijie RG-S2600G-I Series

To Next Page

To Previous Page

CLI Reference Guide ACL Configuration Commands

show access-lists

Show all the ACLs.

ip access-list

Define the IP ACL.

ipv6 access-list

Define the extended IPV6 ACL.

deny

Define the deny rule.

permit

Define the permit rule.

Platform

Description

permit

One or multiple permit conditions are used to determine whether to forward or discard the packet. In

ACL configuration mode, you can modify the existent ACL or configure according to the protocol

details.

Standard IP ACL

[ sn ] permit {source source-wildcard | host source | any | interface idx } [ time-range

tm-range-name] [ log ]

Extended IP ACL

[ sn ] permit protocol source source-wildcard destination destination-wildcard [ precedence

precedence ] [ tos tos ] [ fragment ] [ range lower upper ] [ time-range time-range-name ] [ log ]

Extended IP ACLs of some important protocols:

Internet Control Message Protocol (ICMP)

[ sn ] permit icmp {source source-wildcard | host source | any } { destination destination-wildcard |

host destination | any } [ icmp-type ] [ [ icmp-type [icmp-code ] ] | [ icmp-message ] ] [ precedence

precedence ] [ tos tos ] [ fragment ] [ time-range time-range-name ]

Transmission Control Protocol (TCP)

[ sn ] permit tcp { source source-wildcard | host source | any } [ operator port [ port ] ] { destination

destination-wildcard | host destination | any } [ operator port [ port ] ] [ precedence precedence ]

[ tos tos ] [ fragment ] [ range lower upper ] [ time-range time-range-name ] [ match-all tcp-flag |

established ]

User Datagram Protocol (UDP)

[sn] permit udp {source source -wildcard|host source |any} [ operator port [port]] {destination

destination-wildcard |host destination | any} [operator port [port]] [precedence precedence] [tos

tos] [fragment] [range lower upper] [time-range time-range-name]

Extended MAC ACL

[sn] permit {any | host source-mac-address} {any | host destination-mac-address}

[ethernet-type][ cos [out] [inner in]]

Extended expert ACL

[sn] permit [protocol | [ethernet-type][ cos [out] [inner in]]] [VID [out][inner in]] {source

source-wildcard | host source | any} {host source-mac-address | any } {destination

destination-wildcard | host destination | any} {host destination-mac-address | any} [precedence

precedence] [tos tos][fragment] [range lower upper] [time-range time-range-name]

When you select the Ethernet-type field or cos field:

[sn] permit {ethernet-type| cos [out] [inner in]} [VID [out][inner in]] {source source-wildcard | host

Main Page

Ruijie RG-S2600G-I Series - Page 936

Table of Contents

Related product manuals