acl-id: Indicates the ID of a numbered ACL. It uniquely identifies an ACL. The value range of acl-id is
2700-2899.
permit: Indicates that the ACE is a permit ACE.
deny: Indicates that the ACE is a deny ACE.
protocol: Indicates the IP protocol number. The value ranges from 0 to 255. To facilitate the use, the system
provides frequently-used abbreviations to replace the specific IP protocol numbers, including eigrp, gre,
icmp, igmp, ip, ipinip, nos, ospf, tcp, and udp.
ethernet-type: Indicates that L2 packets of the specified Ethernet type are filtered.
cos out: Indicates that L2 packets with the specified cos field in the outer tag are filtered.
cos inner in: Indicates that L2 packets with the specified cos field in the inner tag are filtered.
VID out: Indicates that L2 packets with the specified VLAN ID field in the outer tag are filtered.
VID inner in: Indicates that L2 packets with the specified VLAN ID field in the inner tag are filtered.
source source-wildcard: Indicates that IP packets sent from hosts in the specified IP network segment are
filtered.
host source: Indicates that IP packets sent from a host with the specified source IP address are filtered.
any: Indicates that IP packets sent from any host are filtered.
host source-mac-address: Indicates that IP packets sent from a host with the specified source MAC address
are filtered.
any: Indicates that L2 packets sent to any host are filtered.
destination destination-wildcard: Indicates that IP packets sent to hosts in a specified IP network segment
are filtered.
host destination: Indicates that IP packets sent to a host with the specified destination IP address are
filtered.
any: Indicates that IP packets sent to any host are filtered.
host destination-mac-address: Indicates that IP packets sent to a host with the specified destination MAC
address are filtered.
any: Indicates that L2 packets sent to any host are filtered.
precedence precedence: Indicates that IP packets with the specified precedence field in the header are
filtered.
tos tos: Indicates that IP packets with the specified the TOS field in the header are filtered.
dscp dscp: Indicates that IP packets with the specified the dcsp field in the header are filtered.
fragment: Indicates that only fragmented IP packets except the first fragments are filtered.
time-range time-range-name: Indicates that this ACE is associated with a time range. The ACE takes effect
only within this time range. For details about the time range, see the configuration manual of the time range.
To Next Page
Loading...
