D-Link DGS-6608 — iP Access List Configuration Guide for Network Switches [264/1106]

Превью страниц Страница 264 / 1106

DGS-6600 Series Switch ip access-list

CLI Reference Guide

254

ip access-list

Use the command to create or modify an IP access list. This command enters

the user interface into the ip access-list configuration mode. Use no command

to remove an IP access list.

ip access-list [extended] NAME

no ip access-list [extended] NAME

Default Deny all traffic (implicit).

Command Mode Global configuration.

Usage Guideline The access list is always terminated by an implicit deny statement for all traffic

and that is the default statement.

When applying an IP access list to an interface, only one IP access list can be

applied.

The name must be unique among all (including MAC, IP, or IPv6) access lists

and the characters are case sensitive.

An error message will appear if the allowed number is exceeded after execution

of the command.

An IP access list can not be deleted if it is applied at an interface.

An IP extended access list can only be grouped with an interface, but not any

other S/W modules (such as PIM-DM, etc).

Examples This example shows how to configure an extended IP access list, named Strict-

Control and an IP access list, named pim-srcfilter.

Syntax Description

extended (Optional) Used to create an IP access list (a list of related IP addresses such as

source IP addresses or destination IP addresses) or an IP extended access list

(more information can be chosen).

NAME The name of the IP access list to be configured. The syntax is a general string

that does not allow spaces, up to 32 characters in length.

Switch(config)#ip access-list extended Strict-Control

The maximum available of IP extended access-list is 255

Swtich(config-ip-ext-acl)#permit tcp any 10.20.0.0 255.255.0.0

Swtich(config-ip-ext-acl)#exit

Swtich(config)#ip access-list pim-srcfilter

The maximum available of IP access-list is 255

Switch(config-ip-acl)#permit host 172.16.65.193 any