Specifications

ManualsBrandsEnterasys ManualsComputer equipmentN Standalone (NSA) Series

811

812

813

814

815

816

817

818

819

820

Configuring Access Lists access-list (extended)

24-18 Security Configuration

To apply ACL restrictions to IP, UDP, or ICMP packets:

access-list access-list-number {deny | permit} protocol source [source-wildcard]

[operator [port]] destination [destination-wildcard] [operator [port]]

[tos-extensions][icmp-type [icmp-code] [log]

To apply ACL restrictions to TCP packets:

access-list access-list-number {deny | permit} protocol source [source-wildcard]

[operator [port]] destination [destination-wildcard] [operator [port]]

[tos-extensions][icmp-type [icmp-code] [established] [log]

no access-list access-list-number [entry]

Parameters

access‐list‐number Specifiesanextendedaccesslistnumber.Validvaluesarefrom100to

199.

insert|replaceentry (Optional)Insertsthisnewentrybeforeaspecifiedentryinanexisting

ACL,orreplacesaspecifiedentrywiththisnewentry.

log1‐5000|all EnablesyslogforACLentry

hits.Enablesyslogforsequentialnumbers

ofACLentriesorforallACLentries.

movedestination

source1source2

(Optional)Movesasequenceofaccesslistentriesbeforeanotherentry. 

Destinationisthenumberoftheexistingentrybeforewhichthisnew

entrywillbemoved.Source1isasingleentrynumberor

thefirstentry

numberintherangetobemoved.Source2(optional)isthelastentry

numberintherangetobemoved.Ifnotspecified,onlythesource1entry

willbemoved.

deny|permit Deniesorpermitsaccessifspecifiedconditionsaremet.

protocol SpecifiesanIPprotocolforwhich

todenyorpermitaccess.Validvalues

andtheircorrespondingprotocolsare:

•0–255‐AnyIPprotocolnumber,aslistedinhttp://www.iana.org/

assignments/protocol‐numbers

• ip‐AnyInternetprotocol

• icmp‐InternetControlMessageProtocol

• udp‐UserDatagramProtocol

• tcp‐TransmissionProtocol

• ah‐AuthenticationHeaderProtocol

• esp‐EncapsulationSecurityPayload

• gre

‐GenericRouterEncapsulationProtocol

source Specifiesthenetworkorhostfromwhichthepacketwillbesent.Valid

optionsforexpressingsourceare:

•IPaddressorrangeofaddresses(A.B.C.D)

• any‐Anysourcehost

• hostsource‐IPaddressofasinglesourcehost

source‐wildcard (Optional)Specifiesthebitstoignorein

thesourceaddress.