Command or Action    Purpose
• The range operator requires two port numbers. You can configure up to 10 ports after the eq and neq operators. All other operators require one port number.
• To filter UDP ports, use the UDP syntax of this command.
Step 5
Command or Action:
[sequence-number] deny tcp source source-wildcard [operator port [port]] destination destination-wildcard [operator [port]] [established {match-any | match-all} {+ | -} flag-name] [precedence precedence] [tos tos] [log] [time-range time-range-name] [fragments]
Example:
Device(config-ext-nacl)# deny tcp any neq 45 565 632
Purpose:
(Optional) Specifies a deny statement in named access list configuration mode.
• Operators include lt (less than), gt (greater than), eq (equal), neq (not equal), and range (inclusive range).
• If the operator is positioned after the source and source-wildcard arguments, it must match the source port. If the operator is positioned after the destination and destination-wildcard arguments, it must match the destination port.
• The range operator requires two port numbers. You can configure up to 10 ports after the eq and neq operators. All other operators require one port number.
• To filter UDP ports, use the UDP syntax of this command.
Step 6
Command or Action:
Repeat Step 4 or Step 5 as necessary, adding statements by sequence number where you planned. Use the no sequence-number command to delete an entry.
Purpose:
Allows you to revise the access list.
Step 7
Command or Action:
end
Example:
Device(config-ext-nacl)# end
Purpose:
(Optional) Exits named access list configuration mode and returns to privileged EXEC mode.
Step 8
Command or Action:
show ip access-lists access-list-name
Example:
Device# show ip access-lists kmd1
Purpose:
(Optional) Displays the contents of the access list.
Consolidating Access List Entries with Noncontiguous Ports into One Access List Entry
Perform this task to consolidate a group of access list entries with noncontiguous ports into one access list
entry.
Although this task uses TCP ports, you could use the UDP syntax of the permit and deny commands to filter
noncontiguous UDP ports.
Although this task uses a permit command first, use the permit and deny commands in the order that achieves
your filtering goals.
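The consolidation this task describes, as an added Python example (not Cisco's code and not part of the guide): the hypothetical consolidate() helper merges consecutive entries that differ only in a numeric destination eq port and splits at the 10-port limit stated above. It assumes entries without sequence numbers or trailing options, and it merges only adjacent entries so the evaluation order of the list is preserved.

```python
import re

MAX_PORTS = 10  # the guide allows up to 10 ports after the eq operator

# Matches an entry whose last clause is a destination "eq" with numeric ports.
ENTRY = re.compile(
    r"^(?P<head>(?:permit|deny) (?:tcp|udp) .+?) eq (?P<ports>\d+(?: \d+)*)$"
)

# Constructed sample entries; the ports are illustrative, not from the guide.
SAMPLE = [
    "permit tcp any any eq 22",
    "permit tcp any any eq 443",
    "permit tcp any any eq 8443",
    "deny tcp any any eq 23",
    "permit tcp any any eq 80",
    "permit udp any any range 5000 5010",
]

def consolidate(entries):
    """Merge consecutive entries that differ only in their destination eq port."""
    groups = []  # [head, ports] for mergeable runs, [None, line] otherwise
    for line in entries:
        line = line.strip()
        m = ENTRY.match(line)
        if not m:
            groups.append([None, line])  # neq, range, options: pass through
        elif groups and groups[-1][0] == m["head"]:
            # Same action, protocol, source and destination as the previous
            # entry: append its ports, dropping duplicates and keeping order.
            groups[-1][1] = list(dict.fromkeys(groups[-1][1] + m["ports"].split()))
        else:
            groups.append([m["head"], list(dict.fromkeys(m["ports"].split()))])
    merged = []
    for head, body in groups:
        if head is None:
            merged.append(body)
            continue
        # Emit one entry per block of at most MAX_PORTS ports.
        for i in range(0, len(body), MAX_PORTS):
            merged.append(f"{head} eq {' '.join(body[i:i + MAX_PORTS])}")
    return merged

if __name__ == "__main__":
    for entry in consolidate(SAMPLE):
        print(entry)
```

The permit for port 80 is not folded into the first entry because a deny statement sits between them; reordering entries across a deny can change which statement matches first.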
Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches)