Command Reference ACL Commands
source-mac-address | any } [ operator port [port]] {destination destination-wildcard | host destination
| any} {host destination-mac-address | any} [operator port [port]] [precedence precedence] [tos tos]
[fragment] [range lower upper] [time-range time-range-name]
Address Resolution Protocol (ARP)
[sn] permit arp {vid vlan-id} [host source-mac-address | any] [host destination –mac-address | any]
{sender-ip sender-ip–wildcard | host sender-ip | any} {sender-mac sender-mac-wildcard | host
sender-mac | any} {target-ip target-ip–wildcard | host target-ip | any}
6) Extended IPv6 ACL
[sn] pe
rmit protocol {source-ipv6-prefix / prefix-length | any | host source-ipv6-address}
{destination-ipv6-prefix / prefix-length | any| hostdestination-ipv6-address} [dscp dscp] [flow-label
flow-label] [fragment] [range lower upper] [time-range time-range-name]
Extended IPv6 ACLs of some important protocols:
Internet Control Message Protocol (ICMP)
[sn] permit icmp {source-ipv6-prefix / prefix-length | any source-ipv6-address | host}
{destination-ipv6-prefix / prefix-length| host destination-ipv6-address | any} [icmp-type] [[icmp-type
[icmp-code]] | [icmp-message]] [dscp dscp] [flow-label flow-label][fragment] [time-range
time-range-name]
Transmission Control Protocol (TCP)
[sn] permit tcp {source-ipv6-prefix / prefix-length | hos
t source-ipv6-address | any} [operator port
[port] ] {destination-ipv6-prefix / prefix-length | host destination-ipv6-address | any} [operator port
[port]] [dscp dscp] [flow-label flow-label] [fragment] [range lower upper] [time-range
time-range-name] [match-all tcp-flag | established]
User Datagram Protocol (UDP)
[sn] permit udp {source-ipv6-prefix / prefix-length | host source-ipv6-address | any} [operator port
[port] ] {destination-ipv6-prefix / prefix-length | host destination-ipv6-address | any} [operator port
[port]] [dscp dscp] [flow-label flow-label] [fragment] [range lower up
per] [time-range
time-range-name]
Parameter
Description
Parameter Description
N/A N/A
Defaults
None
Command
mode
ACL configuration mode.
Usage Guide Use this command to configure the permit conditions for the ACL in ACL configuration mode.
Configuration
Examples
The following example shows how to create and display an Expert Extended ACL. This expert ACL
permits all the TCP packets with the source IP address 192.168.4.12 and the source MAC address
001300498272.
Ruijie(config)#expert access-list extended exp-acl
Ruijie(config-exp-nacl)#permit tcp host 192.168.4.12 host 0013.0049.8272
To Next Page
Loading...
Need help?
General
