Qtech QSW-3200-28T User Manual online [61/136] 481609

+7 (495) 797-3311 www.qtech.ru
Moscow, Novozavodskaya St., 18, bldg. 1
The number ID of an extended ACL is in the range 100 to 199.
Caution: the port parameter is the TCP or UDP port number used by upper-layer protocols. For some well-known port numbers, a mnemonic can be used in place of the number, for example «bgp» instead of TCP port 179 used by the BGP protocol. For details, refer to the corresponding command reference.
(2) Define extended ACL with name ID
An extended ACL with name ID is identified by a name rather than a number.
Instruction:
Defining an extended ACL with name ID requires entering a dedicated configuration mode: use access-list extended in global configuration mode, which can also specify the matching order of the ACL. Use the exit command to leave this mode.
Configure each command in the mode indicated. Enter extended ACL with name ID configuration mode (from global configuration mode):
access-list extended name [ match-order { config | auto } ]
Define the rules of the extended ACL (in extended ACL with name ID configuration mode):
{ permit | deny } [ protocol ] [ established ] { source-addr source-wildcard | any } [ port [ portmask ] ] { dest-addr dest-wildcard | any } [ port [ portmask ] ] [ icmp-type [ icmp-code ] ] { [ precedence precedence ] [ tos tos ] | [ dscp dscp ] } [ fragments ] [ time-range time-range-name ]
Delete one subitem or all subitems of an ACL identified by number ID or name ID, or delete all ACLs (global configuration mode):
no access-list { all | { access-list-number | name access-list-name } [ subitem ] }
Use the { permit | deny } command repeatedly to define more rules for the same ACL. Once specified, the matching order cannot be modified.
Caution: the port parameter is the TCP or UDP port number used by upper-layer protocols. For some well-known port numbers, a mnemonic can be used in place of the number, for example «bgp» instead of TCP port 179 used by the BGP protocol. For details, refer to the corresponding command reference.
Define layer 2 ACL
The switch can define at most 100 layer 2 ACLs with number ID (numbers in the range 200 to 299), at most 1000 layer 2 ACLs with name ID, and 3000 sub-rules in total. A single ACL can hold up to 128 sub-rules (this applies to ACLs with name ID and with number ID alike).
A layer 2 ACL classifies packets only by fields of the layer 2 frame header and by interface: the source MAC address, source VLAN ID, protocol type, the interfaces on which the packet is received and forwarded, and the destination MAC address. Matching packets are then processed according to the rule.
(1) Define layer 2 ACL based on number ID
A layer 2 ACL based on number ID is identified by a number. Use the following command to define it.
Configure it in global configuration mode.
Define layer 2 ACL based on number ID:
access-list access-list-number3 { permit | deny } [ protocol ] [ cos vlan-pri ] ingress { { [ source-vlan-id ] [ source-mac-addr source-mac-wildcard ] [ interface interface-num ] } | any } egress { { [ dest-mac-addr dest-mac-wildcard ] [ interface interface-num | cpu ] } | any } [ time-range time-range-name ]
Define the matching order of ACL:
access-list access-list-number match-order { config | auto }
Delete one subitem or all subitems of an ACL identified by number ID or name ID, or delete all ACLs:
no access-list { all | { access-list-number | name access-list-name } [ subitem ] }
Use the access-list command repeatedly to define more rules for the same ACL.
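
Added example (not part of the Qtech manual): a small offline check, written in Python, that reads numbered access-list rule lines and applies the number ranges, the 128 sub-rule limit and the ingress/egress syntax described above, and flags a layer 2 permit rule that matches everything. The function names, the sample configuration and the MAC address notation in it are assumptions made for illustration.

```python
import re
from collections import Counter

EXTENDED_IDS = range(100, 200)  # extended ACL number IDs, per the manual
LAYER2_IDS = range(200, 300)    # layer 2 ACL number IDs, per the manual
MAX_RULES_PER_L2_ACL = 128      # sub-rule limit per layer 2 ACL, per the manual
RULE = re.compile(r"^access-list\s+(\d+)\s+(permit|deny)\b(.*)$")

def acl_kind(number):
    """Classify a number ID using only the ranges given on this page."""
    if number in EXTENDED_IDS:
        return "extended"
    if number in LAYER2_IDS:
        return "layer2"
    return "other"

def lint(config_text):
    """Return (rule_counts, findings); findings are (line_number, message)."""
    counts, findings = Counter(), []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        m = RULE.match(raw.strip())
        if not m:
            continue  # match-order lines and unrelated commands
        number, action, tokens = int(m.group(1)), m.group(2), m.group(3).split()
        counts[number] += 1
        if acl_kind(number) != "layer2":
            continue
        # The layer 2 syntax requires "ingress ..." followed by "egress ...".
        if "ingress" not in tokens or "egress" not in tokens:
            findings.append((lineno, "layer 2 rule lacks ingress/egress clause"))
        elif tokens.index("ingress") > tokens.index("egress"):
            findings.append((lineno, "egress clause precedes ingress clause"))
        elif action == "permit" and tokens == ["ingress", "any", "egress", "any"]:
            findings.append((lineno, "permit matches any ingress and any egress"))
    for number, n in sorted(counts.items()):
        if acl_kind(number) == "layer2" and n > MAX_RULES_PER_L2_ACL:
            findings.append((0, f"ACL {number} has {n} sub-rules, limit is 128"))
    return counts, findings

# Constructed sample configuration; the MAC/wildcard notation is illustrative.
SAMPLE = """\
access-list 200 match-order config
access-list 200 deny ingress 00:11:22:33:44:55 00:00:00:00:00:00 egress any
access-list 200 permit ingress any egress any
access-list 201 permit ingress any
"""

if __name__ == "__main__":
    for lineno, message in lint(SAMPLE)[1]:
        print(lineno, message)
```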