To Next Page

To Previous Page

Configuration Guide Configuring ACL

deny: Indicates that the ACE is a deny ACE.

protocol: Indicates the IP protocol number. The value ranges from 0 to 255. To facilitate the use, the system

provides frequently-used abbreviations to replace the specific IP protocol numbers, including eigrp, gre,

icmp, igmp, ip, ipinip, nos, ospf, tcp, and udp.

ethernet-type: Indicates that L2 packets of the specified Ethernet type are filtered.

cos out: Indicates that L2 packets with the specified cos field in the outer tag are filtered.

cos inner in: Indicates that L2 packets with the specified cos field in the inner tag are filtered.

VID out: Indicates that L2 packets with the specified VLAN ID field in the outer tag are filtered.

VID inner in: Indicates that L2 packets with the specified VLAN ID field in the inner tag are filtered.

source source-wildcard: Indicates that IP packets sent from hosts in the specified IP network segment are

filtered.

host source: Indicates that IP packets sent from a host with the specified source IP address are filtered.

any: Indicates that IP packets sent from any host are filtered.

host source-mac-address: Indicates that IP packets sent from a host with the specified source MAC address

are filtered.

any: Indicates that L2 packets sent to any host are filtered.

destination destination-wildcard: Indicates that IP packets sent to hosts in a specified IP network segment

are filtered.

host destination: Indicates that IP packets sent to a host with the specified destination IP address are

filtered.

any: Indicates that IP packets sent to any host are filtered.

host destination-mac-address: Indicates that IP packets sent to a host with the specified destination MAC

address are filtered.

any: Indicates that L2 packets sent to any host are filtered.

precedence precedence: Indicates that IP packets with the specified precedence field in the header are

filtered.

tos tos: Indicates that IP packets with the specified the TOS field in the header are filtered.

dscp dscp: Indicates that IP packets with the specified the dcsp field in the header are filtered.

fragment: Indicates that only fragmented IP packets except the first fragments are filtered.

time-range time-range-name: Indicates that this ACE is associated with a time range. The ACE takes effect

only within this time range. For details about the time range, see the configuration manual of the time range.

Command

Mode

Expert extended ACL configuration mode

Usage Guide

Run this command to add ACEs in expert extended ACL configuration mode. The ACL can be a named or

numbered ACL.

 Add ACEs to an expert extended ACL in global configuration mode.

Command

access-list acl-id { permit | deny } [ protocol | [ ethernet-type ] [ cos [ out ] [ inner in ] ] ] [ [ VID [ out ] [ inner

in ] ] ] { source source-wildcard | host source | any } { host source-mac-address | any } { destination

destination-wildcard | host destination | any } { host destination-mac-address | any } [ precedence

precedence ] [ tos tos ] [ fragment ] [ range lower upper ] [ time-range time-range-name ]]

Figure6

Brand	Ruijie
Model	RG-WLAN Series
Category	Wireless Access Point
Language	English

Ruijie RG-WLAN Series User Manual

Table of Contents

Other manuals for Ruijie RG-WLAN Series

Questions and Answers:

Ruijie RG-WLAN Series Specifications

Related product manuals