24-Port 10/100Mbps Layer 2 Switch w/ 4 Gigabit Ports and 2 Shared Mini-GBIC Slots
35-6
Matching packet with any source IP address.
Matching packet with a specific source IP address.
Matching packet with a range of source IP address. For
example 172.17.5.1 with mask 255.255.255.0 means
172.15.5.0~255.
Matching packet with any destination IP address.
Matching packet with a specific destination IP address.
Matching packet with a range of destination IP address.
For example 172.17.5.1 with mask 255.255.255.0 means
172.15.5.0~255.
Standard IP Access List Configuration Mode
switch(config-std-nacl)# permit host 172.17.6.1 172.17.5.100
255.255.255.0
This command was introduced
deny (Extended IP Access List Configuration)
To configure a rule that packets matched will be filtered.
deny { ip | ospf | pim | <protocol-type (1-255)>} { any | host
<src-ip-address> | <src-ip-address> <mask> } { any | host
<dest-ip-address> | <dest-ip-address> <mask> } [ {tos <value
(0-7)> | dscp <value (0-63)>} ]
deny {tcp | udp} {any | host <src-ip-address> | <src-ip-address>
<src-ip-mask>} {anyport | <src-port (1-65535)> <x8000> | xC000
| xE000 | xF000 | xF800 | xFC00 | xFE00 | xFF00 | xFF80 | xFFC0
| xFFE0 | xFFF0 | xFFF8 | xFFFC | xFFFE | xFFFF>} {any | host
<dest-ip-address> | <dest-ip-address> <dest-ip-mask>}
{anyport | <dest-port (1-65535)> <x8000 | xC000 | xE000 | xF000
| xF800 | xFC00 | xFE00 | xFF00 | xFF80 | xFFC0 | xFFE0 | xFFF0
| xFFF8 | xFFFC | xFFFE | xFFFF>} [ {tos <value (0-7)> | dscp
<value (0-63)>} ] [{ ack | ack-not }][{ rst | rst-not }]
To Next Page
Loading...
