Qtech QSW-8200-28T-AC user manual: commands for ACL and their parameters [27/114]

User Manual
Chapter 1. Commands for ACL
www.qtech.ru
<destination> <destination-wildcard>} | any-destination | {host-destination <destination-host-ip>}} [d-port {<port3> | range <dPortMin> <dPortMax>}] [precedence <precedence>] [tos <tos>] [time-range <time-range-name>]

[no] {deny | permit} {any-source-mac | {host-source-mac <host_smac>} | {<smac> <smac-mask>}} {any-destination-mac | {host-destination-mac <host_dmac>} | {<dmac> <dmac-mask>}} {eigrp | gre | igrp | ip | ipinip | ospf | {<protocol-num>}} {{<source> <source-wildcard>} | any-source | {host-source <source-host-ip>}} {{<destination> <destination-wildcard>} | any-destination | {host-destination <destination-host-ip>}} [precedence <precedence>] [tos <tos>] [time-range <time-range-name>]
Functions: Defines an extended name MAC-IP ACL rule; the no form deletes one extended numeric MAC-IP ACL access-list rule.
Parameters:
num: access-list serial number, a decimal number from 3100-3199;
deny: if the rule matches, access is denied;
permit: if the rule matches, access is permitted;
any-source-mac: any source MAC address;
any-destination-mac: any destination MAC address;
host_smac, smac: source MAC address;
smac-mask: mask (reverse mask) of the source MAC address;
host_dmac, dmac: destination MAC address;
dmac-mask: mask (reverse mask) of the destination MAC address;
protocol: name or number of the IP protocol. It can be a keyword: eigrp, gre, icmp, igmp, igrp, ip, ipinip, ospf, tcp, or udp, or an integer from 0-255 giving the IP protocol number. Use the keyword 'ip' to match all Internet protocols (including ICMP, TCP, and UDP);
source-host-ip, source: number of the source network or source host that the packet is sent from, a 32-bit binary number in dotted decimal notation;
host: indicates that the address is the IP address of the source host; otherwise it is the IP address of a network;
source-wildcard: reverse mask of the source IP, a 32-bit binary number written as four dot-separated decimal numbers;
destination-host-ip, destination: number of the destination network or host to which packets are delivered, a 32-bit binary number in dotted decimal notation;
host: indicates that the address is the destination host address; otherwise it is the network IP address;
destination-wildcard: mask of the destination, a 32-bit binary number written as four dot-separated decimal numbers (reverse mask);
s-port (optional): indicates that the TCP/UDP source port must be matched;
port1 (optional): value of the TCP/UDP source port number, an integer from 0-65535;
<sPortMin>: lower boundary of the source port;
<sPortMax>: upper boundary of the source port;
d-port (optional): indicates that the TCP/UDP destination port must be matched;
port3 (optional): value of the TCP/UDP destination port number, an integer from 0-65535;
<dPortMin>: lower boundary of the destination port;
<dPortMax>: upper boundary of the destination port;
[ack] [fin] [psh] [rst] [urg] [syn] (optional): only for the TCP protocol; several flag bits can be selected, and when the corresponding bit is set in a TCP packet, the initial TCP packet that forms a connection can form a match;
precedence (optional): packets can be filtered by priority, which is a number from 0-7;
tos (optional): packets can be filtered by service type, which is a number from 0-15;
icmp-type (optional): ICMP
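
The reverse-mask fields in the parameter list (smac-mask, dmac-mask, source-wildcard, destination-wildcard) can be checked offline with a short matcher before a rule is deployed. This is an added example, not code from the manual; it assumes the usual reverse-mask convention (1 bits are ignored, 0 bits are compared), and the rule dictionary layout and all addresses are constructed for illustration.

```python
import ipaddress

# IP protocol numbers for the keywords listed under "protocol"
PROTO = {"icmp": 1, "igmp": 2, "ipinip": 4, "tcp": 6, "igrp": 9,
         "udp": 17, "gre": 47, "eigrp": 88, "ospf": 89}
ANY_MAC = ("00-00-00-00-00-00", "ff-ff-ff-ff-ff-ff")  # any-source-mac / any-destination-mac
ANY_IP = ("0.0.0.0", "255.255.255.255")               # any-source / any-destination

def mac_int(text):
    # Separator handling ("-" or ":") is an assumption of this example
    return int(text.replace("-", "").replace(":", ""), 16)

def ip_int(text):
    return int(ipaddress.IPv4Address(text))

def wildcard_match(value, base, reverse_mask, width):
    """Reverse mask: 1 bits are ignored, 0 bits must equal the rule's address."""
    care = ~reverse_mask & ((1 << width) - 1)
    return (value & care) == (base & care)

def rule_matches(rule, pkt):
    """True when the packet meets every MAC, IP and protocol condition of one rule."""
    proto = rule["protocol"]
    if proto != "ip" and PROTO.get(proto, proto) != pkt["proto"]:
        return False
    for field, conv, width in (("smac", mac_int, 48), ("dmac", mac_int, 48),
                               ("src", ip_int, 32), ("dst", ip_int, 32)):
        base, mask = rule[field]
        if not wildcard_match(conv(pkt[field]), conv(base), conv(mask), width):
            return False
    return True

# Constructed rule: permit TCP from MACs 00-12-11-23-xx-xx and sources 10.0.0.0-10.0.0.255
RULE = {"action": "permit", "protocol": "tcp",
        "smac": ("00-12-11-23-00-00", "00-00-00-00-ff-ff"), "dmac": ANY_MAC,
        "src": ("10.0.0.0", "0.0.0.255"), "dst": ANY_IP}
# Same rule with a subnet mask typed where the reverse mask belongs
MISTYPED = dict(RULE, src=("10.0.0.0", "255.255.255.0"))
# Constructed packet
PKT = {"smac": "00-12-11-23-4a-01", "dmac": "00-aa-bb-cc-dd-ee",
       "src": "10.0.0.77", "dst": "192.0.2.10", "proto": 6}

if __name__ == "__main__":
    print("intended rule matches:", rule_matches(RULE, PKT))
    print("mistyped rule matches:", rule_matches(MISTYPED, PKT))
    print("mistyped rule matches 172.16.9.0:",
          rule_matches(MISTYPED, dict(PKT, src="172.16.9.0")))
```

With the subnet mask entered as the wildcard, the rule stops matching the intended 10.0.0.x hosts and instead matches any source whose last octet is 0, so a permit rule written this way admits traffic from unrelated networks.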
