To Next Page

To Previous Page

Configuration Guide Configuring ACL

any | destination destination-wildcard } [ [ precedence precedence [ tos tos ] ] | dscp dscp] [ fragment ]

[ time-range time-range-name ]

Parameter

Description

acl-id: Indicates the ID of a numbered ACL. It uniquely identifies an ACL. The value range of acl-id is

100–199 and 2000–1999.

sn: Indicates the sequence number of an ACE. The value ranges from 1 to 2,147,483,647. This sequence

number determines the priority of this ACE in the ACL. A smaller sequence number indicates a higher

priority. An ACE with a higher priority will be preferentially used to match packets. If you do not specify the

sequence number when adding an ACE, the system automatically allocates a sequence number, which is

equal to an increment (10 by default) plus the sequence number of the last ACE in the current ACL. For

example, if the sequence number of the last ACE is 100, the sequence number of a newly-added ACE will

be 110 by default. You can adjust the increment using a command.

permit: Indicates that the ACE is a permit ACE.

deny: Indicates that the ACE is a deny ACE.

protocol: Indicates the IP protocol number. The value ranges from 0 to 255. To facilitate the use, the

system provides frequently-used abbreviations to replace the specific IP protocol numbers, including eigrp,

gre, icmp, igmp, ip, ipinip, nos, ospf, tcp, and udp.

host source: Indicates that IP packets sent from a host with the specified source IP address are filtered.

source source-wildcard: Indicates that IP packets sent from hosts in the specified IP network segment are

filtered.

host destination: Indicates that IP packets sent to a host with the specified destination IP address are

filtered. If the any keyword is configured, IP packets sent to any host are filtered.

destination destination-wildcard: Indicates that IP packets sent to hosts in a specified IP network segment

are filtered.

any: Indicates that IP packets sent to or from any host are filtered.

precedence precedence: Indicates that IP packets with the specified precedence field in the header are

filtered.

tos tos: Indicates that IP packets with the specified the type of service (TOS) field in the header are filtered.

dscp dscp: Indicates that IP packets with the specified the dcsp field in the header are filtered.

fragment: Indicates that only fragmented IP packets except the first fragments are filtered.

time-range time-range-name: Indicates that this ACE is associated with a time range. The ACE takes effect

only within this time range. For details about the time range, see the configuration manual of the time range.

Command

Mode

Extended IP ACL configuration mode

Usage Guide

Run this command to add ACEs to a numbered IP ACL in extended IP ACL configuration mode.It cannot be

used to add ACEs to a named extended IP ACL.

 Applying an IP ACL

Command

ip access-group { acl-id | acl-name } { in | out } [reflect]

Parameter

Description

 acl-id: Indicates that a numbered standard or extended IP ACL will be applied to the interface.

 acl-name: Indicates that a named standard or extended IP ACL will be applied to the interface.

Figure6

Brand	Ruijie
Model	RG-WLAN Series
Category	Wireless Access Point
Language	English

Ruijie RG-WLAN Series User Manual

Table of Contents

Other manuals for Ruijie RG-WLAN Series

Questions and Answers:

Ruijie RG-WLAN Series Specifications

Related product manuals