access-list extended
Description
The access-list extended command is used to add an Extended-IP ACL rule. To delete the corresponding rule, use the no access-list extended command.
Syntax
access-list extended acl-id rule rule-id { deny | permit } [[ sip source-ip ] smask source-ip-mask ] [[ dip destination-ip ] dmask destination-ip-mask ] [ s-port s-port ] [ d-port d-port ] [ protocol protocol ]
no access-list extended acl-id rule rule-id
Parameter
acl-id —— The desired Extended-IP ACL for configuration.
rule-id —— The rule ID.
deny —— The operation to discard packets.
permit —— The operation to forward packets. It is the default value.
source-ip —— The source IP address contained in the rule.
source-ip-mask —— The source IP address mask. It is required if you typed the source IP address.
destination-ip —— The destination IP address contained in the rule.
destination-ip-mask —— The destination IP address mask. It is required if you typed the destination IP address.
s-port —— The source port number.
d-port —— The destination port number.
protocol —— Configure the value of the matching protocol.
Command Mode
Global Configuration Mode
Example
Create an Extended-IP ACL whose ID is 220, and add Rule 10 to it. In the rule, the source IP address is 192.168.0.100, the source IP address mask is 255.255.255.0, and packets that match this rule will be forwarded by the switch:
TL-SL2428(config)# access-list create 220
TL-SL2428(config)# access-list extended 220 rule 10 permit sip 192.168.0.100 smask 255.255.255.0
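A way to review rules written in this syntax before they are applied, as an added example (not part of the manual or of the switch software): it parses the command, enforces the "mask is required if you typed the IP address" rule, and flags an address with bits outside its mask. The function names parse_rule and audit_rule are hypothetical, the second and third sample lines are constructed, and the "not one host" finding assumes that 1-bits in the mask mark the address bits the switch compares.

```python
import ipaddress

KEYWORDS = {"sip", "smask", "dip", "dmask", "s-port", "d-port", "protocol"}  # from Syntax

def parse_rule(line):
    """Split one 'access-list extended' command into a dict of its fields."""
    tok = line.split()
    if len(tok) < 6 or tok[:2] != ["access-list", "extended"] or tok[3] != "rule":
        raise ValueError("expected: access-list extended <acl-id> rule <rule-id> ...")
    if tok[5] not in ("deny", "permit"):
        raise ValueError("operation must be deny or permit")
    rule = {"acl-id": tok[2], "rule-id": tok[4], "action": tok[5]}
    rest = tok[6:]
    if len(rest) % 2:
        raise ValueError("keyword without a value")
    for key, value in zip(rest[::2], rest[1::2]):
        if key not in KEYWORDS or key in rule:
            raise ValueError(f"unexpected or repeated keyword: {key}")
        rule[key] = value
    return rule

def audit_rule(line):
    """Return findings for one rule; an empty list means nothing to flag."""
    rule, findings = parse_rule(line), []
    for ip_key, mask_key in (("sip", "smask"), ("dip", "dmask")):
        if ip_key not in rule:
            continue  # a mask on its own is allowed by the syntax
        if mask_key not in rule:
            findings.append(f"{ip_key} given without {mask_key} (mask is required)")
            continue
        addr, mask = (int(ipaddress.IPv4Address(rule[k])) for k in (ip_key, mask_key))
        # ASSUMPTION: 1-bits in the mask are the address bits that get compared.
        if addr & ~mask & 0xFFFFFFFF:
            net = ipaddress.IPv4Address(addr & mask)
            findings.append(f"{ip_key} {rule[ip_key]} has bits outside {mask_key}: "
                            f"rule covers {net} mask {rule[mask_key]}, not one host")
    for port_key in ("s-port", "d-port"):
        if port_key in rule and not 0 <= int(rule[port_key]) <= 65535:
            findings.append(f"{port_key} {rule[port_key]} is not a valid port number")
    return findings

if __name__ == "__main__":
    samples = [  # first line is the page's example; the others are constructed
        "access-list extended 220 rule 10 permit sip 192.168.0.100 smask 255.255.255.0",
        "access-list extended 220 rule 11 deny sip 192.168.0.100",
        "access-list extended 220 rule 12 deny dip 10.0.0.5 dmask 255.255.255.255 d-port 23",
    ]
    for s in samples:
        print(s, "->", audit_rule(s) or "ok")
```

Under the stated mask assumption, the manual's Rule 10 is reported as covering 192.168.0.0 with mask 255.255.255.0 rather than the single address 192.168.0.100.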