Chapter4ServiceConguration
4.13.14ingress-aclextendruletype-ip
Purpose
ThiscommandsetstherulethattheextendedingressACLisusedtomatchIPmessages.
CommandMode
ExtendedingressACLcongurationmode
Syntax
rule<1-500>{permit|deny}ip{<source-ipaddr><sip-mask>|any}{<destination-ipaddr><dip-m
ask>|any}[dscp<0-63>][fragment]
ParameterDescription
ParameterDescription
<1-500>Rulenumber.
permitIftheconditionmatches,accessispermitted.
denyIftheconditionmatches,accessisdenied.
ip
ThisruleonlymatchesIPmessage.Non-IPmessageignores
thisrule.
<source-ipaddr>
IPaddressofthesourcenetworkorhosttransmittingpackets.Itis
a32-bitIPaddressexpressedindotteddecimalnotation.
<sip-mask>
Sourcemaskusedforsources.Itisa32-bitIPaddressexpressed
indotteddecimalnotation.
any(rst)
Theanykeywordisusedastheabbreviationofthesource0.0.0.0
andthesourcemask0.0.0.0.
<destination-ipaddr>
Destinationnetworkorhostofthetransmittedpacket.Itisa32-bit
IPaddressexpressedindotteddecimalnotation.
<dip-mask>
Destinationmaskusedfordestination.Itisa32-bitIPaddress
expressedindotteddecimalnotation.
any(second)
Theanykeywordisusedastheabbreviationofthedestination
0.0.0.0andthedestinationmask0.0.0.0
dscp<0-63>
ThisruleisonlyvalidformessageswiththespeciedDSCPvalue.
Ignorethisruleforothermessages.TherangeofDSCPis0to63.
fragment
Thisruleisonlyvalidforfragmentmessages.Non–fragment
messagesignorethisrule.
4-223
SJ-20131111172707-003|2013-11-27(R1.0)ZTEProprietaryandCondential
To Next Page
Loading...
Need help?
General
