DELL PC7024 User Manual
ACL Commands
273
{deny | permit} {every | {{icmp | igmp | ip | tcp | udp |
number} srcip
srcmask [{eq {portkey | 0-65535} dstip dstmask [{eq {portkey| 0-65535}]
[precedence
precedence | tos tos tosmask | dscp dscp] [log] [time-range
time-range-name] [assign-queue queue-id] [{mirror | redirect} interface-id]
Parameter Description
This command does not require a parameter description.
Default Configuration
This command has no default configuration.
Command Mode
Ipv4-Access-List Configuration mode
User Guidelines
Administrators are cautioned to specify permit and deny rule matches as fully
as is possible in order to avoid false matches. Rules that specify a port value
should also specify the protocol and ethertype. Rules that specify a protocol
should also specify the ethertype value for the frame. In general, any rule that
specifies matching on an upper layer protocol field should also include
matching constraints for lower layer protocol fields. For example, a rule to
match packets directed to the well-known UDP port number 22 (SSH)
should also include constraints on the IP protocol field (UDP) and the
ethertype field (0x800 – IPv4). Below is a list of commonly used ethertypes:
Ethertype
Protocol
0x0800
Internet Protocol version 4 (IPv4)
0x0806
Address Resolution Protocol (ARP)
0x0842
Wake-on LAN Packet
0x8035
Reverse Address Resolution Protocol (RARP)
0x8100
VLAN tagged frame (IEEE 802.1Q)
0x86DD
Internet Protocol version 6 (IPv6)
0x8808
MAC Control
2CSPC4.XCT-SWUM2XX1.book Page 273 Monday, October 3, 2011 11:05 AM