Extreme 3804 User Guide
98
Summit24e3 Switch Installation and User Guide
Access Policies
create access-mask <access-mask name>
{dest-mac}
{source-mac}
{vlan }
{ethertype}
{tos | code-point}
{ipprotocol}
{dest-ip /<mask length>} {dest-L4port}
{source-ip /<mask length>}
{source-L4port | {icmp-type} {icmp-code}}
{permit-established}
{egressport}
{ports}
{precedence <number>}
{dest-mac}
{source-mac}
{vlan }
{ethertype}
{tos | code-point}
{ipprotocol}
{dest-ip /<mask length>} {dest-L4port}
{source-ip /<mask length>}
{source-L4port | {icmp-type} {icmp-code}}
{permit-established}
{egressport}
{ports}
{precedence <number>}
Creates an access mask. The mask specifes
which packet fields to examine. Options include:
which packet fields to examine. Options include:
•
<acess-mask name>
— Specifies the
access mask name. The access mask name
can be between 1 and 31 characters.
can be between 1 and 31 characters.
•
dest-mac
— Specifies the destination MAC
address field.
•
source-mac
— Specifies the source MAC
address field.
•
vlan
— Specifies the VLANid field.
•
ethertype
— Specifies the Ethertype field.
•
tos
— Specifies the IP precedence field.
•
code-point
— Specifies the DiffServ code
point field.
•
ipprotocol
— Specifies the IP protocol
field.
•
dest-ip
— Specifies the IP destination field
and subnet mask. You must supply the
subnet mask.
subnet mask.
•
dest-L4port
— Specifies the destination
port field.
•
source-ip
— Specifies the IP source
address field and subnet mask. You must
supply the subnet mask.
supply the subnet mask.
•
source-L4port
— Specifies the source
port field.
•
icmp-type
— Specify the ICMP type field.
•
icmp-code
— Specify the ICMP code field.
•
permit-established
— Specifies the TCP
SYN/ACK bit fields.
•
egressport
— Specify the egress port
•
ports
— Specifies the ingress port(s) on
which this rule is applied.
•
precedence
— Specifies the access mask
precedence number. The range is 1 to
25,600.
25,600.
Table 25: Access Control List Configuration Commands (continued)
Command
Description