User manual

Overview
access-list (<100-199>|<2000-2699>) {deny | permit | mark {dot1p <0-7> | tos <0-255>}} {icmp} {source/source-mask | host source | any} {destination/destination-mask | host destination | any} [icmp-type | [icmp-type icmp-code]] [log] [rule-precedence access-list-entry precedence]
Adds an extended IP access list entry using the icmp keyword.

(<100-199>|<2000-2699>) – For ICMP extended ACLs, the ACL number must be between 2000-2699.

{deny | permit | mark {dot1p <0-7> | tos <0-255>}} – Action types on an ACL. The action type mark is functional only over a Port ACL.

{icmp} – Specifies icmp as the protocol.

{source/source-mask | host source | any} – Source is the source address of the network or host in dotted decimal. Source-mask is the network mask. For example, 10.1.1.10/24 indicates the first 24 bits of the source IP are used for matching.
The keyword any is an abbreviation for a source IP of 0.0.0.0 and source-mask bits equal to 0.
The keyword host is an abbreviation for an exact source (A.B.C.D) and source-mask bits equal to 32.

{destination/destination-mask | host destination | any} – The destination host IP address or destination network address.

[icmp-type | icmp-type icmp-code] – ICMP type value from 0-255 and ICMP code value from 0-255. Both are valid only for a protocol type of icmp.

[log] – Generates log messages when a packet coming from the interface matches the ACL entry. Log messages are generated only for router ACLs.

[rule-precedence access-list-entry precedence] – Integer value between 1-5000. This value sets the rule precedence in the ACL.
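
An added example, not taken from the manual: a small Python checker that parses one entry written in the syntax above, enforces the documented ranges, and tests whether a packet would match it. The function names and sample entries are constructed for illustration, and treating an omitted icmp-type or icmp-code as matching any value is an assumption.

```python
import ipaddress

def _addr(tokens):
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D/len'; return the IPv4 network."""
    tok = tokens.pop(0)
    if tok == "any":                      # any = 0.0.0.0 with 0 mask bits
        return ipaddress.ip_network("0.0.0.0/0")
    if tok == "host":                     # host = exact address, 32 mask bits
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    # strict=False: 10.1.1.10/24 is accepted, only the first 24 bits are compared
    return ipaddress.ip_network(tok, strict=False)

def _ranged(tokens, low, high, what):
    value = int(tokens.pop(0))
    if not low <= value <= high:
        raise ValueError(f"{what} must be {low}-{high}, got {value}")
    return value

def parse_icmp_entry(line):
    """Parse one ICMP extended ACL entry, enforcing the documented ranges."""
    t = line.split()
    if t.pop(0) != "access-list":
        raise ValueError("not an access-list command")
    entry = {"number": _ranged(t, 2000, 2699, "ICMP ACL number"),
             "action": t.pop(0), "precedence": None}
    if entry["action"] == "mark":
        kind = t.pop(0)
        entry["mark"] = (kind, _ranged(t, 0, {"dot1p": 7, "tos": 255}[kind], kind))
    elif entry["action"] not in ("deny", "permit"):
        raise ValueError("action must be deny, permit or mark")
    if t.pop(0) != "icmp":
        raise ValueError("protocol must be icmp")
    entry["src"], entry["dst"] = _addr(t), _addr(t)
    for field in ("type", "code"):        # optional icmp-type, then icmp-code
        entry[field] = _ranged(t, 0, 255, "icmp-" + field) if t and t[0].isdigit() else None
    entry["log"] = bool(t) and t[0] == "log" and bool(t.pop(0))
    if t[:1] == ["rule-precedence"]:
        t.pop(0)
        entry["precedence"] = _ranged(t, 1, 5000, "rule-precedence")
    if t:
        raise ValueError(f"unexpected tokens: {t}")
    return entry

def matches(entry, src, dst, icmp_type, icmp_code):
    """True if a packet matches; an omitted type/code is a wildcard (assumption)."""
    return (ipaddress.ip_address(src) in entry["src"]
            and ipaddress.ip_address(dst) in entry["dst"]
            and entry["type"] in (None, icmp_type)
            and entry["code"] in (None, icmp_code))
```

For instance, parsing the constructed entry `access-list 2001 deny icmp 10.1.1.10/24 host 192.168.5.1 8 0 log rule-precedence 10` yields a source network of 10.1.1.0/24, so a packet from 10.1.1.200 matches while one from 10.1.2.1 does not.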