User's Manual

ManualsBrandsLucent Technologies ManualsSwitchLucent Technologies P220

Cajun P220, P550, P550R Switch Release Notes, Release 4.0.1 35

Policy Commands

Table1-12 shows new and changed Policy Commands in Release 4.0.1:

Table 1-12: Policy Commands

Old Command New Command New Definition/Argument

To Enable:

ip access-group

<access-list-name>

[default-action-deny]

To Disable:

[no] ip access-group

N/A There is no default.

To Enable:

ip access-list

<access-list-name>

<access-list-index>

{permit|deny|fwd[1-8]}

{<source-ip-addr>

[<source-wildcard>]

|any|host <source-ip-

addr>}

To Enable:

[ip] access-list

<access-list-name>

<access-list-index>

{permit|deny|fwd1-8}

<protocol-id>{<source-

ip-addr> <source-

wildcard>|any|host

<source-ip-addr> }

[{lt|eq|gt|range}

<port> [<port>]]

{<dest-ip-addr> <dest-

wildcard> | any | host

<dest-ip-addr> }

[{lt|eq|gt|range}

<port> [<port>]]

[established]

• <protocol-id> – name or

number of an IP protocol. It can be

one of the keywords eigrp, gre,

icmp, igmp, igrp, ip, ipinip, nos,

ospf, tcp, or udp, or an integer in

the range 0 to 255 representing an

IP protocol number. To match any

Internet protocol (including ICMP,

TCP, and UDP) use the keyword

ip.

• <dest-ip-addr> – number of

the network or host to which the

packet is being sent. Use a 32-bit

quantity in four-part, dotted-

decimal format. Use the keyword

any as an abbreviation for a dest

and dest -wildcard of 0.0.0.0 and

255.255.255.255. Use "host <dest-

ip-addr>" as an abbreviation for a

destination with dest-wildcard of

0.0.0.0.

To Disable:

[no] ip access-list

<access-list-name>

[<access-list-index>]

To Disable:

N/A

• <dest-wildcard> – wildcard

bits to be applied to the

destination. Use a 32-bit quantity

in four-part, dotted-decimal

format. Place ones in the bit

positions you want to ignore.

• operator – (Optional) Compares

source or destination ports.

Possible operands include: lt = less

than, gt =greater than, eq=equal,

neq =not equal, and range

=inclusive range.

If the operator is positioned after the

source and source-wildcard, it must

match the source port.

If the operator is positioned after the

destination and destination-wildcard,

it must match the destination port.