763
Functions:
Create a numeric extended IP access rule to match specific IP protocol or all
IP protocol; if access-list of this coded numeric extended does not exist, thus to create
such a access-list.
Parameters:
<num>
is the No. of access-list, 100-199;
<protocol> is the No. of
upper-layer protocol of ip, 0-255; <sIpAddr>
is the source IP address, the format is
dotted decimal notation;
<sMask >
is the reverse mask of source IP, the format is dotted
decimal notation;
<dIpAddr>
is the destination IP address, the format is dotted decimal
notation;
<dMask>
is the reverse mask of destination IP, the format is dotted decimal
notation, attentive position o, ignored position1;
<igmp-type>
,the type of igmp, 0-15;
<icmp-type>
, the type of icmp, 0-255;
<icmp-code>,
protocol No. of icmp, 0-255;
<prec>
,
IP priority, 0-7;
<tos>
, to value, 0-15;
<sPort>
, source port No., 0-65535;
<dPort>
,
destination port No., 0-65535;
<time-range-name>
,
name of time-range.
Command Mode:
Global mode
Default:
No access-lists configured.
Usage Guide:
When the user assign specific
<num>
for the first time, ACL of the serial
number is created, then the lists are added into this ACL.
<igmp-type>
represent the type of IGMP packet, and usual values please refer to the
following description:
17(0x11): IGMP QUERY packet
18(0x12): IGMP V1 REPORT packet
22(0x16): IGMP V2 REPORT packet
23(0x17): IGMP V2 LEAVE packet
34(0x22): IGMP V3 REPORT packet
19(0x13): DVMR packet
20(0x14): PIM V1 packet
Particular notice: the packet types included here are not the types excluding IP OPTION.
Normally, IGMP packet contains OPTION fields, and such configuration is of no use for
this type of packet. If you want to configure the packets containing OPTION, please
directly use the manner where OFFSET is configured.
Examples:
Create the numeric extended access-list whose serial No. is 110. deny icmp
packet to pass, and permit udp packet with destination address 192. 168. 0. 1 and
destination port 32 to pass.
Switch(Config)#access-list 110 deny icmp any any-destination
Switch(Config)#access-list 110 permit udp any host-destination 192.168.0.1 d-port 32
19.2.2.4 access-list(ip standard)
Command: access-list <num> {deny | permit} {{<sIpAddr> <sMask >} | any| {host