Command Reference ACL Commands
VID vid          Match the specified VID.
ethernet-type    Ethernet type
match-all        Match all the bits of the TCP flag.
tcp-flag         Match the TCP flag.
established      Match the RST or ACK bits, not other bits of the TCP flag.
text             Remark information
Defaults
None
Command Mode
Global configuration mode.
Usage Guide
To filter the data by using the access control list, you must first define a series of rule statements by using the access list. You can use ACLs of the appropriate types according to the security needs:
The standard IP ACL (1 to 99, 1300 to 1999) only controls the source IP addresses.
The extended IP ACL (100 to 199, 2000 to 2699) can enforce strict control over the source and destination IP addresses.
The extended MAC ACL (700 to 799) can match against the source/destination MAC addresses and Ethernet type.
The extended expert access list (2700 to 2899) is a combination of the above and can match and filter the VLAN ID.
For the layer-3 routing protocols including the unicast routing protocol and multicast routing protocol, the following parameters are not supported by the ACL: precedence precedence / tos tos / fragments / range lower upper / time-range time-range-name
The TCP Flag includes part or all of the following:
urg
ack
psh
rst
syn
fin
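The established keyword and the flag names above, modeled in Python as an added example (not part of the original command reference and not the vendor's implementation). It reads the flag byte from constructed IPv4/TCP packets and reports which ones established would match; treating non-TCP packets and non-first fragments as non-matching is an assumption of this example, and the addresses, ports and helper names are made up for illustration.

```python
import struct

# TCP flag bits (byte 13 of the TCP header), named as in the list above.
FLAGS = {"fin": 0x01, "syn": 0x02, "rst": 0x04, "psh": 0x08, "ack": 0x10, "urg": 0x20}

def tcp_flags(packet: bytes):
    """Return the TCP flag names set in an IPv4 packet, or None when there is
    no inspectable TCP header (not IPv4/TCP, non-first fragment, truncated).
    Returning None for those cases is an assumption of this example."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    if packet[9] != 6 or frag_offset != 0 or len(packet) < ihl + 14:
        return None
    bits = packet[ihl + 13]
    return {name for name, mask in FLAGS.items() if bits & mask}

def matches_established(packet: bytes) -> bool:
    """Model of `established`: RST or ACK set, every other bit ignored."""
    flags = tcp_flags(packet)
    return flags is not None and bool(flags & {"rst", "ack"})

def build_packet(*flags, frag_offset=0, proto=6) -> bytes:
    """Constructed sample: IPv4 header (no options) + 20-byte TCP header."""
    bits = sum(FLAGS[f] for f in set(flags))
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, frag_offset, 64, proto, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 443, 1, 0, 5 << 4, bits, 65535, 0, 0)
    return ip + tcp

# Constructed packets: one normal session, then two edge cases.
SAMPLES = {
    "syn (client opens)": build_packet("syn"),
    "syn+ack (server replies)": build_packet("syn", "ack"),
    "ack (handshake done)": build_packet("ack"),
    "psh+ack (data)": build_packet("psh", "ack"),
    "fin+ack (close)": build_packet("fin", "ack"),
    "rst (abort)": build_packet("rst"),
    "udp (not TCP)": build_packet("ack", proto=17),
    "non-first fragment": build_packet("ack", frag_offset=185),
}

def evaluate():
    return {label: matches_established(pkt) for label, pkt in SAMPLES.items()}

if __name__ == "__main__":
    for label, hit in evaluate().items():
        print(f"{label:28} established={hit}")
```

The match is evaluated per packet from the flag bits alone, so of the normal session above only the opening SYN fails to match.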
The packet precedence is as below:
critical
flash
flash-override
immediate
internet
network
priority
routine
The service types are as below:
max-reliability