238 Cisco LAN Switching Configuration Handbook
port number values). The source and destination ports are given as a number (0
to 65535) or as a text string port name.
Available TCP names are bgp, chargen, daytime, discard, domain, echo, finger,
ftp, ftp-data, gopher, hostname, irc, klogin, kshell, lpd, nntp, pop2, pop3,
smtp, sunrpc, syslog, tacacs-ds, talk, telnet, time, uucp, whois, and www. In
addition, you can use the established keyword to match packets from estab-
lished connections or packets that have either the RST or ACK bits set.
Available UDP names are biff, bootpc, bootps, discard, dns, dnsix, echo,
mobile-ip, nameserver, netbios-dgm, netbios-ns, ntp, rip, snmp, snmptrap,
sunrpc, syslog, tacacs-ds,
talk, tftp, time, who, and xdmcp.
c. (Optional) Match ICMP traffic:
(global) access-list acc-list {permit | deny} icmp source-ip source-mask
destination-ip destination-mask [icmp-type [icmp-code] | icmp-message]
[precedence precedence] [dscp dscp] [tos tos]
OR
(global) ip access-list extended acl-name
(access-list) {permit | deny} icmp source-ip source-mask destination-ip
destination-mask [icmp-type [icmp-code] | icmp-message] [precedence
precedence] [dscp dscp] [tos tos]
The access list is referenced by its name acl-name (text string) or by its number
acc-list-number (100 to 199 or 2000 to 2699).
One or more of icmp-type, icmp-type icmp-code, or icmp-message can be
added to the command line. The icmp-type field is the ICMP message type (0 to
15), and the icmp-code is an optional ICMP message code (0 to 255). The icmp-
message field is a text string name, chosen from the following: administratively-
prohibited, alternate-address, conversion-error, dod-host-prohibited, dod-net-
prohibited, echo, echo-reply, general-parameter-problem, host-isolated, host-
precedence-unreachable, host-redirect, host-tos-redirect, host-tos-unreachable,
host-unknown, host-unreachable, information-reply, information-request,
mask-reply, mask-request, mobile-redirect, net-redirect, net-tos-redirect, net-
tos-unreachable, net-unreachable, network-unknown, no-room-for-option,
option-missing, packet-too-big, parameter-problem, port-unreachable,
precedence-unreachable, protocol-unreachable, reassembly-timeout, redirect,
router-advertisement, router-solicitation, source-quench, source-route-failed,
time-exceeded, timestamp-reply, timestamp-request, traceroute, ttl-exceeded,
and unreachable.
d. (Optional) Match IGMP traffic:
(global) access-list acc-list {permit | deny} igmp source-ip source-mask
destination-ip destination-mask [igmp-type] [precedence precedence] [dscp
dscp] [tos tos]
To Next Page
Loading...
Need help?
General