Loading ...
Loading ...
Loading ...
DXS-3600 Series 10GbE Layer 2/3 Switch CLI Reference Guide
26
3-10 permit | deny (expert access-list)
Use the permit command to add a permit entry. Use the deny command to add a deny entry. Use the no command to
remove an entry.
Extended expert ACL:
[sn] {permit | deny} [ethernet-type] [[cos out [inner in]] | [vlan out [inner in]]] {source source-wildcard | host
source | any} {source-mac-address mask | host source-mac-address | any} {destination destination-wildcard |
host destination | any} {destination-mac-address mask | host destination-mac-address | any} [time-range
time-range-name]
[sn] {permit | deny} protocol [vlan out [inner in]] {source source-wildcard | host source | any} {source-mac-
address mask | host source-mac-address | any} {destination destination-wildcard | host destination | any}
{destination-mac-address mask | host destination-mac-address | any} [precedence precedence] [tos tos]
[fragments] [time-range time-range-name]
Extended expert ACLs of some important protocols:
[sn] {permit | deny} tcp [vlan out [inner in]] {source source-wildcard | host source | any} {source-mac-address
mask | host source-mac-address | any} [operator port]] {destination destination-wildcard | host destination |
any} {destination-mac-address mask | host destination-mac-address | any} [operator port] [precedence
precedence] [tos tos] [fragments] [time-range time-range-name] [tcp-flag]
[sn] {permit | deny} udp [vlan out [inner in]] {source source-wildcard | host source | any} {source-mac-address
mask | host source-mac-address | any} [operator port] {destination destination-wildcard | host destination |
any} {destination-mac-address mask | host destination-mac-address | any} [operator port] [precedence
precedence] [tos tos] [fragments] [time-range time-range-name]
[sn] {permit | deny} icmp [vlan out [inner in]] {source source-wildcard | host source | any} {source-mac-address
mask | host source-mac-address | any} {destination destination-wildcard | host destination | any} {destination-
mac-address mask | host destination-mac-address | any} [icmp-type] [[icmp-type [icmp-code]] | [icmp-
message]] [precedence precedence] [tos tos] [fragments] [time-range time-range-name]
no sn
Parameters
sn (Optional) Specifies the ACE sequence number. This number must be between 1
and 65535.
source Specifies the source IP address.
source-wildcard Applies wildcard bits to the source.
host source Specifies a specific source IP address.
any Means any source or destination IP or MAC address.
destination Specifies the destination IP address.
destination-wildcard Applies wildcard bits to the destination.
host destination Specifies a specific destination IP address.
source-mac-address Specifies the source MAC address.
destination-mac-address Specifies the destination MAC address.
mask Specifies the MAC address mask.
vlan out (Optional) Specifies the outer VID used. This value must be between 1 and 4094.
vlan inner in (Optional) Specifies the inner VID used. This value must be between 1 and 4094.
cos out (Optional) Specifies the outer priority value. This value must be betwee 0 and 7.
cos inner in (Optional) Specifies the inner priority value. This value must be between 0 and 7.
ethernet-type (Optional) Specifies the Ethernet type as a pair of hexadecimal numbers and mask
(from 0x0 to 0xFFFF) or the name of an Ethernet type. Names that can be used are
'arp', 'aarp', 'appletalk', 'decnet-iv', 'etype-6000', 'etype-8042', 'lat', 'lavc-sca', 'mop-
console', 'mop-dump', 'vines-echo', 'vines-ip', 'xns-idp'.
Loading ...
Loading ...
Loading ...