User guide
16-10 E
XTREME
W
ARE
S
OFTWARE
U
SER
G
UIDE
A
CCESS
P
OLICIES
create access-list icmp destination
[<dest_ipaddress>/<mask> | any] source
[<src_ipaddress>/<source_mask> | any] type
<icmp_type> code <icmp_code> [permit |
deny] {<portlist>} {log}
Creates a named IP access list. The access list
is applied to all ingress packets. Options include:
■
<name> — Specifies the access list name.
The access list name can be between 1 and
16 characters.
■
icmp — Specifies an ICMP access list.
■
destination — Specifies an IP destination
address and subnet mask. A mask length of
32 indicates a host entry.
■
source — Specifies an IP source address
and subnet mask.
■
type — Specifies the ICMP_TYPE number.
The ICMP type is a number from 0 to 255.
■
code — Specifies the ICMP_CODE number.
The ICMP code is a number from 0 to 255.
■
permit — Specifies the packets that match
the access list description are permitted to be
forward by this switch. An optional QoS profile
can be assigned to the access list, so that the
switch can prioritize packets accordingly.
■
deny — Specifies the packets that match the
access list description are filtered (dropped)
by the switch.
■
log — Logs a message to the Syslog facility
for each packet that matches the access-list
description. The message details the
properties of the packet.
delete access-list <name> Deletes an access list.
disable access-list <name> counter Disables the collection of access-list statistics.
enable access-list <name> counter Enables the collection of access-list statistics.
The default setting is enabled.
show access-list {<name> | ports <portlist>} Displays access-list information.
show access-list-fdb Displays the hardware access control list
mapping.
show access-list-monitor Refreshes the access-list information display.
Table 16-1: Access List Configuration Commands (continued)
Command Description