Qtech QSW-8200-52T-AC [15/114] Access list mac standard
Макгруп McGrp.ru
Задайте вопрос
Зарегистрироваться

Qtech QSW-8200-52T-AC [15/114] Access list mac standard

Qtech QSW-8200-52T-AC [15/114] Access list mac standard
User Manual
Chapter 1. Commands for ACL 15
www.qtech.ru
notation expression; host: means the address is the that the destination host address,
otherwise the network IP address; destination-wildcard: mask of destination. I
Numbers of 32-bit binary system expressed by decimal’s numbers with four-point
separated, reverse mask; s-port(optional): means the need to match TCP/UDP source
port; port1(optional): value of TCP/UDP source interface No., Interface No. is an integer
from 0-65535; d-port(optional): means need to match TCP/UDP destination interface;
<sPortMin>, the down boundary of source port; <sPortMax>, the up boundary of
source port; port3(optional): value of TCP/UDP destination interface No., Interface No.
is an integer from 0-65535; <dPortMin>, the down boundary of destination
port;<dPortMax>, the up boundary of destination port; [ack] [fin] [psh] [rst] [urg]
[syn],(optional) only for TCP protocol, multi-choices of tag positions are available, and
when TCP data reports the configuration of corresponding position, then initialization
of TCP data report is enabled to form a match when in connection; precedence
(optional) packets can be filtered by priority which is a number from 0-7; tos (optional)
packets can be filtered by service type which ia number from 0-15; icmp-type
(optional) ICMP packets can be filtered by packet type which is a number from 0-255;
icmp-code (optional) ICMP packets can be filtered by packet code which is a number
from 0-255; igmp-type (optional) ICMP packets can be filtered by IGMP packet name
or packet type which is a number from 0-255; <time-range-name>, name of time range
Command Mode: Global mode
Default Configuration: No access-list configured.
Usage Guide: When the user assign specific <num> for the first time, ACL of the serial
number is created, then the lists are added into this ACL; the access list which marked
3200-3299 can configure not continual reverse mask of IP address.
Examples: Permit the passage of TCP packet with source MAC 00-12-34-45-XX-XX, any
destination MAC address, source IP address 100.1.1.0 0.255.255.255, and source port
100 and destination interface 40000.
Switch(config)#access-list 3199 permit 00-12-34-45-67-00 00-00-00-00-FF-FF any-
destination-mac tcp 100.1.1.0 0.255.255.255 s-port 100 any-destination d-port 40000
1.8 access-list(mac standard)
Command: access-list <num> {deny|permit} {any-source-mac | {host-source-mac
<host_smac> } | {<smac> <smac-mask>} }
no access-list <num>
Functions: Define a standard numeric MAC ACL rule, no command deletes a standard
numeric MAC ACL access-list rule.
Parameters: <num> is the access-list No. which is a decimal’s No. from 700-799; deny if
rules are matching, deny access; permit if rules are matching, permit access;
<host_smac>, <sumac> source MAC address; <sumac-mask> mask (reverse mask) of
source MAC address.
Command Mode: Global mode

Содержание

Похожие устройства

Скачать