Command Reference ACL Commands
1.31 permit
One or multiple permit conditions are used to determine whether to forward or discard the packet. In
ACL configuration mode, you can modify the existent ACL or configure according to the protocol
details.
[ sn ] permit {source source-wildcard | host source | any | interface idx } [ time-range
tm-range-name] [ log ]
[ sn ] permit protocol source source-wildcard destination destination-wildcard [ precedence
precedence ] [ tos tos ] [ fragment ] [ range lower upper ] [ time-range time-range-name ] [ log ]
Extended IP ACLs of some important protocols:
Internet Control Message Protocol (ICMP)
[ sn ] permit icmp {source source-wildcard | host source | any } { destination destination-wildcard |
host destination | any } [ icmp-type ] [ [ icmp-type [icmp-code ] ] | [ icmp-message ] ] [ precedence
precedence ] [ tos tos ] [ fragment ] [ time-range time-range-name ]
Transmission Control Protocol (TCP)
[ sn ] permit tcp { source source-wildcard | host source | any } [ operator port [ port ] ] { destination
destination-wildcard | host destination | any } [ operator port [ port ] ] [ precedence precedence ]
[ tos tos ] [ fragment ] [ range lower upper ] [ time-range time-range-name ] [ match-all tcp-flag |
established ]
User Datagram Protocol (UDP)
[sn] permit udp {source source -wildcard|host source |any} [ operator port [port]] {destination
destination-wildcard |host destination | any} [operator port [port]] [precedence precedence] [tos
tos] [fragment] [range lower upper] [time-range time-range-name]
[sn] permit { any | host source-mac-address | source-mac-address mask} { any | host
destination-mac-address | destination -mac-address mask } [ ethernet-type ] [ cos [ out ] [ inner in ] ]
[sn] permit [protocol | [ethernet-type][ cos [out] [inner in]]] [VID [out][inner in]] {source
source-wildcard | host source | any} {host source-mac-address | any } {destination
destination-wildcard | host destination | any} {host destination-mac-address | any} [precedence
precedence] [tos tos][fragment] [range lower upper] [time-range time-range-name]
When you select the Ethernet-type field or cos field:
[sn] permit {ethernet-type| cos [out] [inner in]} [VID [out][inner in]] {source source-wildcard | host
source | any} {host source-mac-address | any } {destination destination-wildcard | host destination
| any} {host destination-mac-address | any} [time-range time-range-name]
When you select the protocol field:
[sn] permit protocol [VID [out][inner in]] {source source-wildcard | host Source | any} {host
source-mac-address | any } {destination destination-wildcard | host destination | any} {host
destination-mac-address | any} [precedence precedence] [tos tos] [fragment] [range lower upper]
[time-range time-range-name]
Extended expert ACLs of some important protocols:
Internet Control Message Protocol (ICMP)
To Next Page
Loading...
