D-Link DGS-6608: IP Access List and MAC Access List configuration guide [555/1106]

DGS-6600 Series Switch CLI Reference Guide
permit | deny (ip access-list)
Default: None.
Command Mode: IP access list configuration or IP extended access list configuration.
Usage Guideline: An interface can have only one MAC access list, one IP access list and one IPv6 access list applied to it.
The time range profile must be created before it can be specified in the statement. Otherwise an error message will be displayed.
An error message will be displayed if the maximum number of entries defined by the system is exceeded.
All the configurable arguments (excluding time-range and priority) can be used to differentiate one entry from another. These arguments are called differentiating arguments. To remove an entry with the no form of this command, the entry must be specified with the same values for all differentiating arguments that were configured (this includes all optional parameters except time-range and priority).
To update the time-range or priority, specify the entry with the same values for all differentiating arguments that have been configured, together with the new value for the time-range or priority.
The priority value must be unique within an access list. If a priority value that is already present is entered, an error message will be shown.
Example: This example shows how to create three entries for an IP access list named "Strict-Control". The three entries are: TCP packets destined to network 10.20.0.0/16, TCP packets destined to host 10.100.1.2 and all ICMP packets.
OPERATOR PORT: (Optional) Compares the source or destination port. OPERATOR can be lt (less than, match on a lower port number), gt (greater than, match on a greater port number) or eq (equal, match on a specific port). The PORT argument can be the L4 TCP/UDP source or destination port. The acceptable range is from 0 to 65535 for the eq operator, from 0 to 65534 for the gt operator, and from 1 to 65534 for the lt operator.
time-range PROFILE-NAME: (Optional) Specifies the name of the time-period profile that activates the access list. In the no form of the commands, the time-range option (without PROFILE-NAME) removes the active time-period setting rather than removing the whole entry.
PRIORITY: The range is 1 to 65535. A lower number represents a better priority. It represents the rule sequence number.
tcp, udp, icmp, igmp, gre, esp, eigrp, ospf, pim, vrrp: Layer 4 protocols.
PROTOCOL-ID: Protocol ID refers to the protocol field in the IP header, as specified by a number from 0 to 65535.
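
The rules above (port bounds per operator, a unique priority, an existing time-range profile, and removal or update only when every differentiating argument matches) can be checked before a change is pushed to the switch. The following Python model is an added example, not D-Link code or CLI syntax; the Match and AccessList names are hypothetical, and the model assumes that an update replaces both the priority and the time-range.

```python
from typing import NamedTuple, Optional

# Port bounds per operator, taken from the OPERATOR PORT description.
PORT_BOUNDS = {"eq": (0, 65535), "gt": (0, 65534), "lt": (1, 65534)}

class Match(NamedTuple):
    """Differentiating arguments: everything except time-range and priority."""
    action: str                      # "permit" or "deny"
    protocol: str                    # e.g. "tcp", "icmp"
    destination: str                 # e.g. "10.20.0.0/16" or "any"
    operator: Optional[str] = None   # "lt", "gt" or "eq"
    port: Optional[int] = None

class AccessList:
    def __init__(self, time_profiles=()):
        self.time_profiles = set(time_profiles)  # profiles that already exist
        self.entries = {}                        # Match -> [priority, time_range]

    def apply(self, match, priority, time_range=None):
        """Create an entry, or update the priority/time-range of a matching one."""
        if match.operator is not None:
            if match.operator not in PORT_BOUNDS:
                raise ValueError(f"unknown operator {match.operator!r}")
            low, high = PORT_BOUNDS[match.operator]
            if match.port is None or not low <= match.port <= high:
                raise ValueError(f"port out of range for {match.operator}")
        if not 1 <= priority <= 65535:
            raise ValueError("priority must be 1..65535")
        if time_range is not None and time_range not in self.time_profiles:
            raise ValueError(f"time-range profile {time_range!r} does not exist")
        for other, (used, _) in self.entries.items():
            if used == priority and other != match:
                raise ValueError(f"priority {priority} already in use")
        self.entries[match] = [priority, time_range]

    def remove(self, match):
        """The no form: every differentiating argument must match exactly."""
        if match not in self.entries:
            raise KeyError("no entry with these differentiating arguments")
        del self.entries[match]

    def ordered(self):
        """Entries by rule sequence number; the lowest number comes first."""
        return sorted(self.entries, key=lambda m: self.entries[m][0])
```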


Learn the basic commands and parameters for configuring IP and MAC access lists. Learn about priorities, time ranges, and the differentiating arguments.