92 ACL Commands
Syntax
•
permit
{
any
|
protocol
} {
any
|{
source source-wildcard
}} {
any
|{
destination destination-wildcard
}}
[
dscp
number
|
ip-precedence
number
]
•
permit-icmp
{
any
|{
source source-wildcard
}} {
any
|{
destination destination-wildcard
}} {
any
|
icmp-
type
} {
any
|
icmp-code
} [
dscp
number
|
ip-precedence
number
]
•
permit-igmp
{
any
|{
source source-wildcard
}} {
any
|{
destination destination-wildcard
}} {
any
|
igmp-
type
} [
dscp
number
|
ip-precedence
number
]
•
permit-tcp
{
any
|{
source source-wildcard
}} {
any
|
source-port
} {
any
|{
destination
destination-
wildcard
}} {
any
|
destination-port
} [
dscp
number
|
ip-precedence
number
] [
flags
list-of-flags
] [
src-
port-wildcard
source-port-wildcard
] [
dst-port-wildcard
source-port-wildcard
]
•
permit-udp
{
any
|{
source source-wildcard
}} {
any
|
source-port
} {
any
|{
destination destination-
wildcard
}} {
any
|
destination-port
} [
dscp
number
|
ip-precedence
number
] [
src-port-wildcard
source-
port-wildcard
] [
dst-port-wildcard
]
•
source
— Specifies the source IP address of the packet.
•
source-wildcard
— Specifies wildcard bits to be applied to the sources IP address by placing 1s in
bit positions to be ignored.
•
destination
— Specifies the destination IP address of the packet.
•
destination- wildcard
— Specifies wildcard bits to be applied to the destination IP address by
placing 1s in bit positions to be ignored.
•
protocol
— Specifies the name or the number of an IP protocol. Available protocol names:
icmp,
igmp, ip, tcp, egp, igp, udp, hmp, rdp, idpr, idrp, rsvp, gre, esp, ah, eigrp, ospf, ipip, pim, l2tp,
isis
. (Range: 0 - 255)
•
dscp
number
— Specifies the DSCP value.
•
ip-precedence
number
— Specifies the IP precedence value.
•
icmp-type
— Specifies an ICMP message type for filtering ICMP packets. Enter a number or one
of the following values:
echo-reply, destination-unreachable, source-quench, redirect, alternate-
host-address, echo-request, router-advertisement, router-solicitation, time-exceeded, parameter-
problem, timestamp, timestamp-reply, information-request, information-reply, address-mask-
request, address-mask-reply, traceroute, datagram-conversion-error, mobile-host-redirect, mobile-
registration-request, mobile-registration-reply, domain-name-request, domain-name-reply, skip,
photuris
. (Range: 0 - 255)
•
icmp-code
— Specifies an ICMP message code for filtering ICMP packets. (Range: 0 - 255)
•
igmp-type
— Specifies IGMP packets filtered by IGMP message type. Enter a number or one of the
following values:
host-query, host-report, dvmrp, pim, cisco-trace, host-report-v2, host-leave-v2,
host-report-v3
. (Range: 0 - 255)
•
destination-port
— Specifies the UDP/TCP destination port. (Range: 1 - 65535)
•
destination-port-wildcard
— Specifies wildcard bits to be applied to the destination port by placing
1s in bit positions to be ignored.
book.book Page 92 Thursday, December 18, 2008 7:40 PM
To Next Page
Loading...
