Gigabit Ethernet Switch Management Guide
CONFIGURING THE SWITCH
3-64
CLI – This example configures one permit rule for the specific address
10.1.1.21 and another rule for the address range 168.92.16.x – 168.92.31.x
using a bitmask.
Console(config-std-acl)#permit host 10.1.1.21
Console(config-std-acl)#permit 168.92.16.0 255.255.240.0
Console(config-std-acl)#
Configuring an Extended IP ACL
Command Attributes
• Action – An ACL can contain either all permit rules or all deny rules.
(Default: Permit rules)
• Src/Dst IP – Specifies the source or destination IP address. Use
“Any” to include all possible addresses, “Host” to specify a specific
host address in the Address field, or “IP” to specify a range of
addresses with the Address and SubMask fields. (Options: Any, Host,
IP; Default: Any)
• Src/Dst Address – Source or destination IP address.
• Src/Dst SubMask – Subnet mask for source or destination address.
(See the description for SubMask on page 3-63.)
• Service Type – Packet priority settings based on the following criteria:
  - Precedence – IP precedence level. (Range: 0-7)
  - TOS – Type of Service level. (Range: 0-15)
  - DSCP – DSCP priority level. (Range: 0-64)
• Protocol – Specifies the protocol type to match as TCP, UDP or
Others, where others indicates a specific protocol number (0-255).
(Options: TCP, UDP, Others; Default: TCP)
• Src/Dst Port – Source/destination port number for the specified
protocol type. (Range: 0-65535)
• Src/Dst Port Bitmask – Decimal number representing the port bits
to match. (Range: 0-65535)
• Control Code – Decimal number (representing a bit string) that
specifies flag bits in byte 14 of the TCP header. (Range: 0-63)
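The mask fields on this page (address SubMask, port bitmask, control code) can be checked offline before a rule is applied. The following is an added example, not taken from the guide. It assumes that only bits set to 1 in a mask are compared, which is inferred from the 168.92.16.0 255.255.240.0 rule above. The function names are hypothetical, and the flag names follow the standard TCP header layout.

```python
import ipaddress

# Flag bits in the 6-bit control code, per the standard TCP header layout.
TCP_FLAGS = {32: "URG", 16: "ACK", 8: "PSH", 4: "RST", 2: "SYN", 1: "FIN"}


def masked_match(rule_value: int, mask: int, packet_value: int) -> bool:
    """Assumed semantics: only bits set to 1 in the mask are compared."""
    return (rule_value & mask) == (packet_value & mask)


def _to_int(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))


def ip_matches(rule_addr: str, rule_mask: str, packet_addr: str) -> bool:
    """True if packet_addr is selected by the Address/SubMask pair."""
    return masked_match(_to_int(rule_addr), _to_int(rule_mask), _to_int(packet_addr))


def covered_range(rule_addr: str, rule_mask: str) -> tuple[str, str]:
    """First and last address a rule selects (a true range only for contiguous masks)."""
    low = _to_int(rule_addr) & _to_int(rule_mask)
    high = low | (~_to_int(rule_mask) & 0xFFFFFFFF)
    return str(ipaddress.IPv4Address(low)), str(ipaddress.IPv4Address(high))


def matching_ports(rule_port: int, bitmask: int) -> list[int]:
    """Every 16-bit port selected by a Port / Port Bitmask pair."""
    return [p for p in range(65536) if masked_match(rule_port, bitmask, p)]


def decode_control_code(code: int) -> list[str]:
    """Translate the decimal Control Code (0-63) into TCP flag names."""
    if not 0 <= code <= 63:
        raise ValueError("control code must be in the range 0-63")
    return [name for bit, name in TCP_FLAGS.items() if code & bit]


if __name__ == "__main__":
    print(covered_range("168.92.16.0", "255.255.240.0"))      # rule from this page
    print(ip_matches("168.92.16.0", "255.255.240.0", "168.92.32.1"))
    ports = matching_ports(1024, 64512)                        # constructed sample values
    print(ports[0], ports[-1], len(ports))
    print(decode_control_code(18))                             # constructed sample value
```

Because both sides are masked before comparison, a rule address with bits set outside the mask (a constructed case such as 168.92.20.0 with 255.255.240.0) selects the same 168.92.16.x – 168.92.31.x block, which is worth checking when reviewing an ACL for unintended coverage.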