Net-service Overview
Net-service names are used as aliases when defining ACL rules for defined lists. An alias of net-service will
configure a list of hosts, networks, or subnets.
An extended ACL can have a source IP, a destination IP, and a port number along with the protocol in its ACE. An
alias-based ACE for an extended ACL therefore allows the use of a net-service alias for the protocol and
destination port.
Limitations
• An alias-based ACE does not support access control based on source port, which is a limitation of the
net-service command. The use of net-service also restricts the operators that can be specified for the port
number to equals and range.
◦ Operators lt, gt, equal, negative, and range for the source port in the ACL rule cannot be specified using
the options available in net-service.
◦ Operators lt, gt, and negative cannot be specified for the destination port using the options available in
net-service.
◦ Only the ACL will be affected when changes are made to an existing net-service. Either the rule must be
reapplied to the ACL or the switch must be rebooted to affect the service.
netservice [tcp | udp | port]
Syntax
[no] netservice <NAME-STR> [tcp | udp | <PROTOCOL>]
port <PORT-LIST>
Description
Configures net-service.
Parameters
protocol
IP protocol number.
Range: 0-255
TCP
Configure an alias for a TCP protocol.
UDP
Configure an alias for a UDP protocol.
port
Specify a single port, a list of up to six noncontiguous port numbers separated by commas, or a range of ports.
Range: 0-65535
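The following is an added example, not part of the original guide or of any vendor tooling: a small Python check that lints netservice command lines against the limits documented above before they are pushed to a switch. The function name check_netservice, the LOW-HIGH spelling of a port range, and treating the port clause as optional are assumptions; the sample lines are constructed.

```python
import re

MAX_LIST_PORTS = 6          # "up to six port numbers" per the parameter description
_CMD = re.compile(r"^(?:no\s+)?netservice\s+(\S+)\s+(\S+)(?:\s+port\s+(.+))?$", re.I)

def _in_range(text, high):
    """True if text is a plain decimal number between 0 and high."""
    return text.isascii() and text.isdigit() and int(text) <= high

def check_netservice(line):
    """Return a list of problems found in one netservice command line."""
    m = _CMD.match(line.strip())
    if not m:
        return ["not a netservice command"]
    _name, proto, ports = m.groups()
    problems = []
    if proto.lower() not in ("tcp", "udp") and not _in_range(proto, 255):
        problems.append(f"protocol {proto!r} is not tcp, udp or 0-255")
    if ports is None:       # assumption: the port clause may be omitted
        return problems
    if len(ports.split()) > 1:
        return problems + ["port list must be one token; "
                           "lt/gt/negative operators are not available"]
    items = ports.split(",")
    if len(items) > MAX_LIST_PORTS:
        problems.append(f"{len(items)} entries in port list, limit is {MAX_LIST_PORTS}")
    for item in items:
        low, dash, high = item.partition("-")   # assumption: a range is LOW-HIGH
        if not _in_range(low, 65535) or (dash and not _in_range(high, 65535)):
            problems.append(f"port {item!r} is outside 0-65535 or malformed")
        elif dash and int(low) > int(high):
            problems.append(f"range {item!r} is reversed")
    return problems

# Constructed sample lines, not taken from any real switch configuration.
SAMPLE = [
    "netservice web tcp port 80,443",
    "netservice high udp port gt 1023",
    "netservice many tcp port 1,2,3,4,5,6,7",
    "netservice bad 300 port 70000",
]

if __name__ == "__main__":
    for cmd in SAMPLE:
        print(cmd, "->", check_netservice(cmd) or "ok")
```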
Chapter 25
Net-destination and Net-service