5000 Series Layer 2/3 Managed Data Center Switch CLI Reference Guide
Parameters
remark comment
Use the remark keyword to add a comment (remark) to an IP standard
or IP extended ACL. Remarks make the ACL easier to understand
and scan. Each remark is limited to 100 characters. A remark can
consist of characters in the range A-Z, a-z, 0-9, and the special characters
space, hyphen, and underscore. Remarks are displayed only in show
running configuration. One remark per rule can be added for an IP standard
or IP extended ACL. A user can remove only remarks that are not
associated with a rule. Remarks associated with a rule are removed
when the rule is removed.
sequence-number
(Optional) Specifies a sequence number for the ACL rule. Every rule
receives a sequence number. A sequence number is specified by the
user or is generated by the device.
If a sequence number is not specified for the rule, a sequence number
that is 10 greater than the last sequence number in the ACL is used and
the rule is placed at the end of the list. If this is the first ACL rule in the
given ACL, a sequence number of 10 is assigned. If the calculated
sequence number exceeds the maximum sequence number value, the
ACL rule creation fails.
A rule that duplicates an existing rule cannot be created, and a rule
cannot be configured with a sequence number that is already used by
another rule.
For example, if a user adds a new ACL rule to an ACL without specifying a
sequence number, the rule is placed at the bottom of the list. By changing the
sequence number, the user can move the ACL rule to a different position in
the ACL.
1-99 or 100-199
Range 1 to 99 is the access list number for an IP standard ACL. Range
100 to 199 is the access list number for an IP extended ACL.
rule 1-1023
(Optional) Specifies the IP access list rule.
deny | permit
Specifies whether the IP ACL rule permits or denies an action.
Note:
For 5630x and 5650x-based systems, assign-queue, redirect, and
mirror attributes are configurable for a deny rule, but they have no
operational effect.
every
Match every packet.
eigrp | gre | icmp | igmp | ip | ipinip | ospf | pim | tcp | udp | 0-255
Specifies the protocol to filter for an extended IP ACL rule.
srcip srcmask | any | host srcip
Specifies a source IP address and source netmask for the match condition
of the IP ACL rule.
Specifying any specifies srcip as 0.0.0.0 and srcmask as
255.255.255.255.
Specifying host A.B.C.D specifies srcip as A.B.C.D and srcmask as
0.0.0.0.
range {portkey | startport} {portkey | endtport} {eq | neq | lt | gt} {portkey | 0-65535}
Note:
This option is available only if the protocol is TCP or UDP.
Specifies the source layer 4 port match condition for the IP ACL rule.
You can use the port number, which ranges from 0-65535, or you
can specify the portkey, which can be one of the following keywords:
• For TCP: bgp, domain, echo, ftp, ftp-data, http, smtp, telnet,
www, pop2, pop3.
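The srcip srcmask | any | host forms described above, worked through as an added example that is not part of the original guide. It assumes srcmask is a wildcard (inverse) mask, which is what the any and host expansions imply; the function names and sample addresses are constructed for illustration.

```python
import ipaddress

def parse_source(tokens):
    """Expand a rule's source field into (srcip, srcmask) as 32-bit integers.

    Accepts the three forms from the parameter table:
    ["any"], ["host", "A.B.C.D"], or ["A.B.C.D", "W.X.Y.Z"].
    """
    if tokens[0] == "any":
        ip, mask = "0.0.0.0", "255.255.255.255"
    elif tokens[0] == "host":
        ip, mask = tokens[1], "0.0.0.0"
    else:
        ip, mask = tokens
    return int(ipaddress.IPv4Address(ip)), int(ipaddress.IPv4Address(mask))

def source_matches(packet_src, srcip, srcmask):
    """Assumption: a 1 bit in srcmask means "ignore this bit" (wildcard mask)."""
    care = ~srcmask & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(packet_src)) & care) == (srcip & care)

def looks_like_subnet_mask(srcmask):
    """Flag masks with contiguous leading 1 bits, such as 255.255.255.0.

    Read as a wildcard, such a mask ignores the network bits and compares
    only the host bits, so the rule matches unrelated networks.
    0.0.0.0 (host) and 255.255.255.255 (any) are not flagged.
    """
    if srcmask in (0, 0xFFFFFFFF):
        return False
    inverted = ~srcmask & 0xFFFFFFFF
    return (inverted & (inverted + 1)) == 0

if __name__ == "__main__":
    # Constructed sample source fields, not taken from a real configuration.
    samples = [["any"], ["host", "192.0.2.10"],
               ["10.1.2.0", "0.0.0.255"], ["10.1.2.0", "255.255.255.0"]]
    for tokens in samples:
        srcip, srcmask = parse_source(tokens)
        hit = source_matches("10.1.2.77", srcip, srcmask)
        print(" ".join(tokens), "| matches 10.1.2.77:", hit,
              "| suspicious mask:", looks_like_subnet_mask(srcmask))
```

Running the mask check over the source fields of an ACL before applying it catches a subnet mask entered where a wildcard was expected, which otherwise changes which hosts a permit or deny rule covers.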