CHAPTER 23 | ACL Commands
acl add
This command adds or modifies an access control entry.
SYNTAX
acl add [ace-id] [ace-id-next]
    [switch | (port port) | (policy policy)]
    [vlan-id] [tag-priority] [dmac-type]
    [(etype [ethernet-type] [smac] [dmac]) |
     (arp [sip] [dip] [smac] [arp-opcode] [arp-flags]) |
     (ip [sip] [dip] [protocol] [ip-flags]) |
     (icmp [sip] [dip] [icmp-type] [icmp-code] [ip-flags]) |
     (udp [sip] [dip] [sport] [dport] [ip-flags]) |
     (tcp [sip] [dip] [sport] [dport] [ip-flags] [tcp-flags])]
    [permit | deny] [rate-limiter] [port-copy] [logging] [shutdown]
ace-id - An ACL entry which specifies one of the following criteria to be matched in the ingress frame. (Range: 1-128; Default: Next available ID)
ace-id-next - Inserts the ACE before this row. If not specified, the ACE is inserted at the bottom of the list. (Range: 1-128)
switch - ACE applies to all ports on the switch.
port port - ACE applies to specified port or a range of ports. (Range: 1-28)
policy policy - An ACL policy identifier to which this ACE is assigned. (Range: 1-8)
vlan-id - The VLAN to filter for this rule. (Range: 1-4095, or any)
tag-priority - Specifies the User Priority value found in the VLAN tag (3 bits as defined by IEEE 802.1p) to match for this rule. (Range: 0-7, or any)
dmac-type - The type of destination MAC address. (Options: any, unicast, multicast, broadcast; Default: any)
etype - One of the following Ethernet or MAC parameters:
    ethernet-type - This option can only be used to filter Ethernet II formatted packets. (Range: 0x600-0xffff hex, or any; Default: any)
    A detailed listing of Ethernet protocol types can be found in RFC 1060. A few of the more common types include 0800 (IP), 0806 (ARP), 8137 (IPX).
    smac - Source MAC address (xx-xx-xx-xx-xx-xx) or any.
    dmac - Destination MAC address (xx-xx-xx-xx-xx-xx) or any.
arp - One of the following MAC or ARP parameters:
    sip - Source IP address (a.b.c.d/n) or any.
    dip - Destination IP address (a.b.c.d/n) or any.
    smac - Source MAC address (xx-xx-xx-xx-xx-xx) or any.
    arp-opcode - Specifies the type of ARP packet. (Options: any - no ARP/RARP opcode flag is specified, arp - frame must have
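
Added example (not from the SMC management guide): a small Python model of the ID and placement rules described for ace-id and ace-id-next, together with the documented numeric ranges, for checking a planned rule set offline before it is entered on the switch. The AclTable class, its method names, the reading of "next available ID" as the lowest unused ID, and re-placing a modified ACE by the same rule as a new one are assumptions.

```python
# Added illustration: offline model of the documented `acl add` ID and ordering rules.
# AclTable and its method names are hypothetical, not the switch firmware or its API.
RANGES = {"ace-id": (1, 128), "ace-id-next": (1, 128), "port": (1, 28),
          "policy": (1, 8), "vlan-id": (1, 4095), "tag-priority": (0, 7),
          "ethernet-type": (0x600, 0xFFFF)}
ALLOW_ANY = {"vlan-id", "tag-priority", "ethernet-type"}  # fields documented as "or any"


def check(name, value):
    """Validate one parameter against the range given in the parameter list."""
    if value == "any" and name in ALLOW_ANY:
        return value
    lo, hi = RANGES[name]
    if not isinstance(value, int) or isinstance(value, bool) or not lo <= value <= hi:
        raise ValueError(f"{name}={value!r} outside documented range {lo}-{hi}")
    return value


class AclTable:
    def __init__(self):
        self.rows = []  # (ace_id, params) tuples in table order, top to bottom

    def ids(self):
        return [ace_id for ace_id, _ in self.rows]

    def add(self, ace_id=None, ace_id_next=None, **params):
        """Add or modify an ACE; returns the ACE ID that was used."""
        for name, value in params.items():
            key = name.replace("_", "-")
            if key in RANGES:
                check(key, value)
        if ace_id is None:  # Default: next available ID (assumed lowest unused)
            ace_id = next((i for i in range(1, 129) if i not in self.ids()), None)
            if ace_id is None:
                raise ValueError("ACL table is full (128 entries)")
        check("ace-id", ace_id)
        if ace_id_next is not None:
            check("ace-id-next", ace_id_next)
            if ace_id_next not in self.ids() or ace_id_next == ace_id:
                raise ValueError(f"ace-id-next={ace_id_next} is not another existing row")
        # Assumption: a modified ACE is removed and re-placed like a new one.
        self.rows = [row for row in self.rows if row[0] != ace_id]
        pos = len(self.rows) if ace_id_next is None else self.ids().index(ace_id_next)
        self.rows.insert(pos, (ace_id, params))
        return ace_id
```

All validation happens before the table is changed, so a rejected entry leaves the modelled order intact.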
Summary of Contents for 8028L2
Page 1: ...MANAGEMENT GUIDE TigerSwitchTM 10 100 1000 28 Port Gigabit Ethernet Switch SMC8028L2 ...