
Supermicro SSE-F3548S - Creating IP Extended ACLs for TCP Traffic

Supermicro SSE-F3548S
366 pages
Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide
240
SMIS(config-ext-nacl)# redirect fx 0/10 ip 172.20.20.0 255.255.255.0 host 172.20.0.1 dscp 10
8.3.11 Creating IP Extended ACLs for TCP Traffic
Follow the steps below to create an IP Extended ACL for TCP traffic.
Step 1
Command: configure terminal
Description: Enters the configuration mode.

Step 2
Command:
ip access-list extended { <access-list-number(1-32768)> | <access-list-name> }
Description: Creates an IP Extended ACL using the ip access-list extended command.
access-list-number can be any number from 1 to 32768.
access-list-name can be any name string up to 32 characters.

Step 3
Command:
deny tcp {any | host <src-ip-address> | <src-ip-address> <src-mask>} [{eq <port-number (0-65535)>}] {any | host <dest-ip-address> | <dest-ip-address> <dest-mask>} [{eq <port-number (0-65535)>}] [{ack | rst}] [{tos <value (0-255)> | dscp <value (0-63)>}] [priority <short(1-255)>]
or
permit tcp {any | host <src-ip-address> | <src-ip-address> <src-mask>} [{eq <port-number (0-65535)>}] {any | host <dest-ip-address> | <dest-ip-address> <dest-mask>} [{eq <port-number (0-65535)>}] [{ack | rst}] [{tos <value (0-255)> | dscp <value (0-63)>}] [priority <short(1-255)>]
or
redirect <interface-type> <interface-id> tcp {any | host <src-ip-address> | <src-ip-address> <src-mask>} [{eq <port-number (0-65535)>}] {any | host <dest-ip-address> | <dest-ip-address> <dest-mask>} [{eq <port-number (0-65535)>}] [{ack | rst}] [{tos <value (0-255)> | dscp <value (0-63)>}] [priority <short(1-255)>]
Description: Configures a deny, permit or redirect ACL rule.
The source and destination IP addresses are provided with the keyword host.
The keyword any may be used to refer to any IP address.
To configure a network IP, the address and mask should be provided.
To apply this rule to packets with specific TCP ports, users can configure either the source or destination TCP ports.
The specific TCP port is provided with the keyword eq.
To apply this ACL rule to only TCP ACK packets, the keyword ack can be used. Similarly, to apply this ACL rule to only TCP RST packets, the keyword rst can be used.
To apply this rule to packets with specific TOS values, use the keyword tos and specify the TOS value to be matched. Users can specify any TOS value from 0 to 255. The user-provided TOS value will be matched exactly against the type of service byte in the IPv4 header of the received packets. Hence users have to provide the TOS byte value combining the precedence
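
The matching rules described in Step 3, as an added Python model (not Supermicro code and not switch output), showing that a tos rule misses a packet carrying the same DSCP once its ECN bits are set. The TcpRule class, the packet dictionaries and the sample port numbers are constructed for illustration; treating ack/rst as "that flag bit is set" and dscp as the upper six bits of the TOS byte are assumptions taken from the standard header layout.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

FLAG_BITS = {"ack": 0x10, "rst": 0x04}  # TCP header flag bits

@dataclass
class TcpRule:  # hypothetical model of one deny/permit tcp line
    action: str
    src: str = "any"                # "any", "host <ip>" or "<ip> <mask>"
    dst: str = "any"
    src_port: Optional[int] = None  # eq <port-number>
    dst_port: Optional[int] = None
    flag: Optional[str] = None      # "ack" or "rst"
    tos: Optional[int] = None       # 0-255, whole TOS byte
    dscp: Optional[int] = None      # 0-63

def addr_ok(spec, ip):
    if spec == "any":
        return True
    if spec.startswith("host "):
        return ipaddress.ip_address(spec[5:]) == ipaddress.ip_address(ip)
    net, mask = spec.split()        # network address plus subnet mask
    return ipaddress.ip_address(ip) in ipaddress.ip_network(f"{net}/{mask}")

def matches(rule, pkt):
    if not (addr_ok(rule.src, pkt["src"]) and addr_ok(rule.dst, pkt["dst"])):
        return False
    for want, got in ((rule.src_port, pkt["sport"]), (rule.dst_port, pkt["dport"])):
        if want is not None and want != got:
            return False
    need = FLAG_BITS.get(rule.flag, 0)
    if need and not pkt["flags"] & need:   # assumed: keyword requires that bit set
        return False
    if rule.tos is not None and rule.tos != pkt["tos"]:   # exact byte compare
        return False
    if rule.dscp is not None and rule.dscp != pkt["tos"] >> 2:  # assumed: top 6 bits
        return False
    return True

# Constructed sample packets: same flow, DSCP 10, differing only in the ECN bits.
BASE = dict(src="172.20.20.5", dst="172.20.0.1", sport=40000, dport=23, flags=0x10)
PKT_ECN0 = dict(BASE, tos=40)  # 0b001010_00
PKT_ECN1 = dict(BASE, tos=41)  # 0b001010_01
NET = "172.20.20.0 255.255.255.0"
BY_TOS = TcpRule("deny", NET, "host 172.20.0.1", dst_port=23, tos=40)
BY_DSCP = TcpRule("deny", NET, "host 172.20.0.1", dst_port=23, dscp=10)

if __name__ == "__main__":
    for name, rule in (("tos 40", BY_TOS), ("dscp 10", BY_DSCP)):
        print(name, [matches(rule, p) for p in (PKT_ECN0, PKT_ECN1)])
```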
