Manualshelf

Specifications

ManualsBrandsCabletron Systems ManualsComputer equipmentSmartSwitch Router
21222324252627282930
Table Of Contents
Chapter 1: acl Commands
1 - 10 SSR Command Line Interface Reference Manual
acl permit|deny ip
Purpose
Create an IP ACL.
Format
acl <
name>
permit|deny ip
<SrcAddr/Mask> <DstAddr/Mask>
<SrcPort> <DstPort> <tos>
Mode
Configure
Description
The
acl
permit
ip
and
acl
deny
ip
commands define an Access Control List to
allow or block IP traffic from entering or leaving the router. Unlike the more specific
variants of the acl commands for
tcp
and
udp
, the
ip
version of the command includes
IP-based protocols such as
tcp
,
udp
,
icmp
and
igmp
. For each of the values
describing a flow, you can use the keyword any to specify a wildcard (“don’t care”)
condition. If you do not specify a value for a field, the SSR assumes that the value is a
wildcard (as if you had specified the
any
keyword).
Parameters
<name>
Name of this ACL. You can use a string of characters or a
number.
<SrcAddr/Mask>
The source address and the filtering mask of this flow. If the
source address is a network or subnet address, you must sup-
ply the filtering mask. Generally, the filtering mask is the net-
work mask of this network or subnet. If the source address is
that of a host then no mask is required. By default, if a mask
is not supplied, the source address is treated as that of a host.
You can specify the mask using the traditional IP address for-
mat (“255.255.0.0”) or the CIDR format (“/16”).
<DstAddr/Mask>
The destination address and the filtering mask of this flow.
The same requirements and restrictions for
<SrcAddr/Mask>
apply to
<DstAddr/Mask>
.
<SrcPort>
For TCP or UDP, the number of the source TCP or UDP port.
This field applies only to TCP or UDP traffic. If the incoming
packet is ICMP or another non-TCP or non-UDP packet and
you specified a source or destination port, the SSR does not