brocade-communications-sy rfs6000 User Manual

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide 
53-1001931-01
Global Configuration commands
access-list
Adds an Access List (ACL) entry. Use the access-list command (under Global Configuration) to configure the access list mechanism for filtering frames by protocol type or vendor code.
ACLs control access to the network through a set of rules. Each rule specifies an action which is 
taken when a packet matches it within the given set of rules. If the action is deny, the packet is 
dropped and if the action is permit, the packet is allowed. The controller supports the following 
ACLs:
IP Standard ACLs
IP Extended ACLs
MAC Extended ACLs 
ACLs are identified by either a number or a name. Numbers are predefined for IP Standard and 
Extended ACLs, and the name can be any valid alphanumeric string (not exceeding 64 characters). 
With numbered ACLs, the rule parameters have to be specified on the same command line along 
with the ACL identifier.
Supported in the following platforms:
Mobility RFS4000 Controller
Mobility RFS6000 Controller
Mobility RFS7000 Controller
Syntax
access-list [<1-99>|<100-199>|<1300-1999>|<2000-2699>]
For Standard IP ACLs:
access-list [<1-99>|<1300-1999>] [deny|permit|mark]
access-list [<1-99>|<1300-1999>] deny [<IP/MASK>|any|host <IP>] {[rule-precedence <1-5000>|log {rule-precedence <1-5000>}]}
access-list [<1-99>|<1300-1999>] permit [<IP/MASK>|any|host <IP>] {[rule-precedence <1-5000>|log {rule-precedence <1-5000>}]}
access-list [<1-99>|<1300-1999>] mark [8021p <0-7>|dscp <0-63>|tos <0-255>] [<IP/MASK>|any|host <IP>] {[rule-precedence <1-5000>|log {rule-precedence <1-5000>}]}
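Added example (not from the Brocade guide): a Python check that a standard IP ACL line fits the grammar above before it is pushed to a controller. It assumes <IP/MASK> is written in CIDR form such as 192.168.10.0/24; the function and helper names are hypothetical.

```python
import ipaddress

STANDARD_RANGES = [(1, 99), (1300, 1999)]            # standard ACL ids per the Syntax section
MARK_LIMITS = {"8021p": 7, "dscp": 63, "tos": 255}   # upper bounds of the mark fields

def _int_in(tok, lo, hi):
    return tok.isascii() and tok.isdigit() and lo <= int(tok) <= hi

def _valid(parser, text):
    try:
        return parser(text) is not None
    except ValueError:
        return False

def check_standard_acl(line):
    """Return a list of problems; an empty list means the line fits the grammar."""
    t = line.split()
    if len(t) < 4 or t[0] != "access-list":
        return ["expected: access-list <id> <action> <source> [options]"]
    errs = []
    if not any(_int_in(t[1], lo, hi) for lo, hi in STANDARD_RANGES):
        errs.append(f"ACL id {t[1]} is not in 1-99 or 1300-1999")
    action, rest = t[2], t[3:]
    if action == "mark":
        if len(rest) < 2 or not _int_in(rest[1], 0, MARK_LIMITS.get(rest[0], -1)):
            errs.append("mark needs 8021p <0-7>, dscp <0-63> or tos <0-255>")
        rest = rest[2:]
    elif action not in ("deny", "permit"):
        errs.append(f"unknown action {action}")
    # Source: any | host <IP> | <IP/MASK> (CIDR form is an assumption of this example)
    if rest[:1] == ["any"]:
        rest = rest[1:]
    elif rest[:1] == ["host"] and len(rest) > 1 and _valid(ipaddress.IPv4Address, rest[1]):
        rest = rest[2:]
    elif rest and "/" in rest[0] and _valid(lambda s: ipaddress.IPv4Network(s, strict=False), rest[0]):
        rest = rest[1:]
    else:
        return errs + ["missing or malformed source (any | host <IP> | <IP/MASK>)"]
    # Options: rule-precedence N, or log optionally followed by rule-precedence N
    if rest[:1] == ["log"]:
        rest = rest[1:]
    if rest[:1] == ["rule-precedence"]:
        if len(rest) < 2 or not _int_in(rest[1], 1, 5000):
            errs.append("rule-precedence must be 1-5000")
        rest = rest[2:]
    if rest:
        errs.append("unexpected trailing tokens: " + " ".join(rest))
    return errs
```

For the constructed line `access-list 20 deny host 10.1.1.1 rule-precedence 6000` the function returns one problem, the out-of-range precedence; a line using an extended id such as 150 is rejected because that range belongs to the extended syntax.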
For Extended IP ACLs:
access-list [<100-199>|<2000-2699>] [deny|permit|mark] [icmp|ip|tcp|udp]
access-list [<100-199>|<2000-2699>] [deny|permit|mark] icmp [<source-IP/Mask>|any|host <IP>] [<dest-IP/Mask>|any|host <IP>] {<ICMP-type> {<ICMP-code>}} {log} {rule-precedence <1-5000>}
access-list [<100-199>|<2000-2699>] [deny|permit|mark] ip [<source-IP/Mask>|any|host <IP>] [<dest-IP/Mask>|any|host <IP>] {log} {rule-precedence <1-5000>}