EasyManua.ls Logo

Supermicro SSE-F3548S - Page 244

Supermicro SSE-F3548S
366 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide
244
Step 1
configure terminal
Enters the configuration mode
Step 2
ip access-list extended { <access-list-number(1-
32768)> | <access-list-name> }
Creates an IP Extended ACL using
theip-access-list extended command.
access-list-numbercan be any
number from 1 to 32768
access-list-namecan be any name
string up to 32 characters.
Step 3
denyicmp {any |host<src-ip-address>|<src-ip-
address><mask>} {any | host<dest-ip-
address> | <dest-ip-address><mask> }
[<message-type (0-255)>] [<message-code (0-
255)>] [priority<(1-255)>]
or
permiticmp {any |host<src-ip-address>|<src-ip-
address><mask>} {any | host<dest-ip-
address> | <dest-ip-address><mask> }
[<message-type (0-255)>] [<message-code (0-
255)>] [priority<(1-255)>]
or
redirect<interface-type><interface-id>icmp {any
|host<src-ip-address>|<src-ip-address><mask>}
{any | host<dest-ip-address> | <dest-ip-
address><mask> } [<message-type (0-255)>]
[<message-code (0-255)>] [priority<(1-
255)>]
Configure a deny, permit or redirect
ACL rule.
The source and destination IP
addresses can be provided with
keyword host.
The keyword anycan be used to refer to
any IP addresses.
To configure a network IP, the address
and mask should be provided.
To apply this rule to ICMP packets with
specific message types or message
codes, usersshould provide matching
values for ICMP message types and
ICMP message codes.
The priority keyword lets users assign a
priority for this ACL rule.
This priority is an optional parameter. It
can be any value from 1 to 255. The
default value is 1.
Redirect ACL rules need additional
<interface-type><interface-
id>parameters to definethe port to
which the packets matching this ACL
rule need to be redirected.
Step 4
show access-lists
To display the configured ACL rule
Step 5
write startup-config
Optional step Saves this ACL
configuration to be part of startup
configuration.
The examples below show various ways to create IP Extended ACLs for ICMPpackets.
Create a deny IP Extended ACL with ACL number 100 to deny all ICMP “traceroute” messages.
SMIS# configure terminal
SMIS(config)# ip access-list extended 100

Table of Contents

Related product manuals