ACL Commands 247
specified name does not exist, and the IP ACL containing this ACL rule is
applied to an interface or bound to a VLAN, then the ACL rule is applied
immediately. If a time range with the specified name exists, and the IP ACL
containing this ACL rule is applied to an interface or bound to a VLAN, then
the ACL rule is applied when the time-range with a specified name becomes
active. The ACL rule is removed when the time-range with a specified name
becomes inactive.
Syntax
{deny | permit} {
every
| any} {
dstmac
| any} [
ethertypekey
|
0x0600-
0xFFFF
] vlan {eq
0-4095
}] [cos
0-7
] [[log] [time-range
time-range-name
]
[assign-queue
queue-id
] [{mirror | redirect}
interface-id
]
{deny | permit} {every | {{icmp | igmp | ip | tcp | udp |
number
}
srcip
srcmask
[{eq {
portkey
|
0-65535
}
dstip
dstmask
[{eq {
portkey
|
0-65535
}]
[precedence
precedence
| tos
tos
tosmask
| dscp
dscp
] [log] [time-range
time-range-name
] [assign-queue
queue-id
] [{mirror | redirect}
interface-id
]
Parameter Description
This command does not require a parameter description.
Default Configuration
This command has no default configuration.
Command Mode
Ipv4-Access-List Configuration mode
User Guidelines
This command has no user guidelines.
deny | permit (Mac-Access-List-Configuration)
Use the deny command in Mac-Access-List Configuration mode to deny
traffic if the conditions defined in the deny statement are matched. Use the
permit command in Mac-Access-List Configuration mode to allow traffic if
the conditions defined in the permit statement are matched.
2CSPC4.XModular-SWUM200.book Page 247 Thursday, March 10, 2011 11:18 AM
