User Manual

[Note]
The restrictions of the access list apply only to frames that are subject to being relayed. Frames that are transmitted
autonomously are excluded from these restrictions.
It is not possible to register multiple access lists for a single interface.
Access lists can be applied only to LAN/SFP ports. (Logical interfaces are not supported.)
[Example]
Apply standard IPv4 access list #1 to received frames of LAN port #1.
SWP1(config)#interface ge1
SWP1(config-if)#ip access-group 1 in
13.1.4 Generate extended IPv4 access list
[Syntax]
access-list ext-ip-acl-id action protocol src-info [src-port] dst-info [dst-port]
no access-list ext-ip-acl-id [action protocol src-info [src-port] dst-info [dst-port]]
[Parameter]
ext-ip-acl-id : <100-199>, <2000-2699>
ID of extended IPv4 access list
action : Specifies the action for the access condition
    Setting value    Description
    deny             "Deny" the condition
    permit           "Permit" the condition
protocol : Specifies the applicable protocol type.
    Setting value    Description
    <0-255>          Protocol number of the IP header
    any              All IPv4 packets
    tcp              TCP packets
    udp              UDP packets
src-info : Specifies the transmission-source IPv4 address that is the condition
    Setting value      Description
    A.B.C.D E.F.G.H    Specifies an IPv4 address (A.B.C.D) with wildcard bits (E.F.G.H)
    A.B.C.D/X          Specifies an IPv4 address (A.B.C.D) with subnet mask length (Xbit)
    host A.B.C.D       Specifies a single IPv4 address (A.B.C.D)
    any                Applies to all IPv4 addresses
src-port : <0-65535>
If protocol is specified as tcp or udp, this specifies the source port number <0-65535> that is
the condition. This can be omitted.
    Method of specifying    Description
    eq X                    Specify port number (X)
    range X Y               Specify port numbers (X) through (Y)
dst-info : Specifies the destination IPv4 address information that is the condition
Command Reference | Traffic control | 169
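The following Python sketch is an added example for reviewing ACL entries offline; it is not part of this manual or of the switch firmware. It parses the "protocol src-info [src-port]" part of an entry in each form listed above and tests a packet against it. The function names parse_source and source_matches are hypothetical, the addresses are constructed samples, and it assumes that a wildcard bit of 1 means the corresponding address bit is ignored.

```python
import ipaddress

FULL = 0xFFFFFFFF
PROTO_NUM = {"tcp": "6", "udp": "17"}  # IP header protocol numbers

def parse_source(text):
    """Parse 'protocol src-info [src-port]' into (protocol, base, care_mask, ports)."""
    tok = text.split()
    protocol, tok = tok[0], tok[1:]
    if tok[0] == "any":                       # all IPv4 addresses
        base, care, tok = 0, 0, tok[1:]
    elif tok[0] == "host":                    # host A.B.C.D
        base, care, tok = int(ipaddress.IPv4Address(tok[1])), FULL, tok[2:]
    elif "/" in tok[0]:                       # A.B.C.D/X
        net = ipaddress.IPv4Network(tok[0], strict=False)
        base, care, tok = int(net.network_address), int(net.netmask), tok[1:]
    else:                                     # A.B.C.D E.F.G.H
        # Assumption: a wildcard bit of 1 means "ignore this address bit".
        care = ~int(ipaddress.IPv4Address(tok[1])) & FULL
        base, tok = int(ipaddress.IPv4Address(tok[0])) & care, tok[2:]
    ports = None
    if tok:                                   # optional src-port
        if protocol not in ("tcp", "udp"):
            raise ValueError("src-port is only valid with tcp or udp")
        if tok[0] == "eq":
            ports = (int(tok[1]), int(tok[1]))
        elif tok[0] == "range":
            ports = (int(tok[1]), int(tok[2]))
        else:
            raise ValueError("unknown src-port form: " + tok[0])
        if not 0 <= ports[0] <= ports[1] <= 65535:
            raise ValueError("port outside <0-65535> or reversed range")
    return protocol, base, care, ports

def source_matches(text, protocol, ip, port=None):
    """True if a packet's protocol, source IP and source port meet the condition."""
    want, base, care, ports = parse_source(text)
    if want != "any" and PROTO_NUM.get(want, want) != PROTO_NUM.get(protocol, protocol):
        return False
    if int(ipaddress.IPv4Address(ip)) & care != base:
        return False
    return ports is None or (port is not None and ports[0] <= port <= ports[1])

# Constructed sample: a non-contiguous wildcard covers hosts a /X form cannot.
if __name__ == "__main__":
    print(source_matches("any 10.0.0.0 0.0.255.0", "udp", "10.0.99.0"))
```

Under the stated wildcard assumption, "192.168.1.0 0.0.0.255" and "192.168.1.0/24" parse to the same base and mask, so a difference between the two forms in a reviewed configuration points to a typing error rather than an intended policy.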