Configuring ACL ACL Configuration
User Guide
809
■ Combined ACL
Step 1 configure
Enter global configuration mode
Step 2 access-list create
acl-id
[name
acl-name
]
Create a Combined ACL.
acl-id:
Enter an ACL ID. The ID ranges from 1000 to 1499.
acl-name:
Enter a name to identify the ACL.
Step 3 access-list combined
acl-id-or-name
rule {auto |
rule-id
} {deny | permit} logging {enable |
disable} [smac
source-mac-address
smask
source-mac-mask
] [dmac
dest-mac-address
dmask
dest-mac-mask
] [vid
vlan-id
] [type
ether-type
] [pri
priority
] [sip
sip-address
sip-mask
sip-address-mask
] [dip
dip-address
dip-mask
dip-address-mask
] [dscp
dscp-value
] [tos
tos-
value
] [pre
pre-value
] [protocol
protocol
[s-port
s-port-number
s-port-mask
s-port-mask
]
[d-port
d-port-number
d-port-mask
d-port-mask
] [tcpflag
tcpflag
]] [tseg
time-range-name
]
Add rules to the ACL.
acl-id-or-name
: Enter the ID or name of the ACL that you want to add a rule for.
auto:
The rule ID will be assigned automatically and the interval between rule IDs is 5.
rule-id
: Assign an ID to the rule.
deny | permit: Specify the action to be taken with the packets that match the rule. Deny means
to discard; permit means to forward. By default, it is set to permit.
logging {enable | disable}: Enable or disable Logging function for the ACL rule. If "enable" is
selected, the times that the rule is matched will be logged every 5 minutes. With ACL Counter
trap enabled, a related trap will be generated if the matching times changes.
source-mac-address
: Enter the source MAC address.
source-mac-mask
: Enter the source MAC address mask.
dest-mac-address
: Enter the destination MAC address.
dest-mac-mask
: Enter the destination MAC address mask. This is required if a destination
MAC address is entered.
vlan-id
: The VLAN ID ranges from 1 to 4094.
ether-type
: Specify the Ethernet-type with 4 hexadecimal numbers.
priority
: The user priority ranges from 0 to 7. The default is No Limit.
sip-address
: Enter the source IP address.
sip-address-mask
: Enter the mask of the source IP address. It is required if source IP address
is entered.
dip-address
: This is required if a source IP address is entered.
dip-address-mask
: Enter the destination IP address mask. This is required if a destination IP
address is entered.
dscp-value:
Specify the DSCP value between 0 and 63.
tos-value:
Specify an IP ToS value to be matched between 0 and 15.
pre-value:
Specify an IP Precedence value to be matched between 0 and 7.
To Next Page
Loading...
