ACL Commands 79
• disable-port — Specifies that the Ethernet interface is disabled if the condition is matched.
• source — Specifies the source IP address of the packet.
• source-wildcard — Specifies wildcard bits to be applied to the source IP address by placing 1s in bit positions to be ignored.
• destination — Specifies the destination IP address of the packet.
• destination-wildcard — Specifies wildcard bits to be applied to the destination IP address by placing 1s in bit positions to be ignored.
• protocol — Specifies the name or the number of an IP protocol. Available protocol names: icmp, igmp, ip, tcp, egp, igp, udp, hmp, rdp, idpr, idrp, rsvp, gre, esp, ah, eigrp, ospf, ipip, pim, l2tp, isis. (Range: 0 - 255).
• dscp number — Specifies the DSCP value.
• ip-precedence number — Specifies the IP precedence value.
• icmp-type — Specifies an ICMP message type for filtering ICMP packets. Enter a number or one of the following values: echo-reply, destination-unreachable, source-quench, redirect, alternate-host-address, echo-request, router-advertisement, router-solicitation, time-exceeded, parameter-problem, timestamp, timestamp-reply, information-request, information-reply, address-mask-request, address-mask-reply, traceroute, datagram-conversion-error, mobile-host-redirect, mobile-registration-request, mobile-registration-reply, domain-name-request, domain-name-reply, skip, photuris.
• icmp-code — Specifies an ICMP message code for filtering ICMP packets. (Range: 0 - 255)
• igmp-type — Specifies IGMP packets filtered by IGMP message type. Enter a number or one of the following values: host-query, host-report, dvmrp, pim, cisco-trace, host-report-v2, host-leave-v2, host-report-v3. (Range: 0 - 255)
• destination-port — Specifies the UDP/TCP destination port. (Range: 0 - 65535)
• destination-port-wildcard — Specifies wildcard bits to be applied to the destination port by placing 1s in bit positions to be ignored.
• source-port — Specifies the UDP/TCP source port. (Range: 0 - 65535)
• source-port-wildcard — Specifies wildcard bits to be applied to the source port by placing 1s in bit positions to be ignored.
• flags list-of-flags — Specifies the list of TCP flags. A flag that must be set is prefixed by "+". A flag that must not be set is prefixed by "-". Available options are +urg, +ack, +psh, +rst, +syn, +fin, -urg, -ack, -psh, -rst, -syn and -fin. The flags are concatenated into one string. For example: +fin-ack.
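The wildcard and flags parameters above can be checked offline before a rule is entered. The following Python model is an added example, not code from the manual or the switch firmware; the function names are hypothetical, and it assumes the usual reading of "1s in bit positions to be ignored" together with the standard TCP flag bit values.

```python
import ipaddress
import re

# Standard TCP header flag bits.
FLAG_BITS = {"fin": 0x01, "syn": 0x02, "rst": 0x04, "psh": 0x08, "ack": 0x10, "urg": 0x20}

def wildcard_match(value, base, wildcard, width=32):
    """True when value equals base in every bit position where wildcard is 0."""
    care = ~wildcard & ((1 << width) - 1)   # a 1 in the wildcard means "ignore this bit"
    return ((value ^ base) & care) == 0

def ip_match(addr, base, wildcard):
    as_int = lambda s: int(ipaddress.IPv4Address(s))
    return wildcard_match(as_int(addr), as_int(base), as_int(wildcard))

def port_match(port, base, wildcard):
    return wildcard_match(port, base, wildcard, width=16)

def parse_flags(spec):
    """Split a list-of-flags string such as '+fin-ack' into (must_set, must_clear) masks."""
    tokens = re.findall(r"([+-])(urg|ack|psh|rst|syn|fin)", spec)
    if not tokens or "".join(s + n for s, n in tokens) != spec:
        raise ValueError(f"bad flag list: {spec!r}")
    must_set = must_clear = 0
    for sign, name in tokens:
        if sign == "+":
            must_set |= FLAG_BITS[name]
        else:
            must_clear |= FLAG_BITS[name]
    if must_set & must_clear:
        raise ValueError(f"flag both required and forbidden: {spec!r}")
    return must_set, must_clear

def flags_match(tcp_flags, spec):
    must_set, must_clear = parse_flags(spec)
    return (tcp_flags & must_set) == must_set and (tcp_flags & must_clear) == 0

if __name__ == "__main__":
    # Constructed sample values, not taken from the manual.
    print(ip_match("192.168.1.77", "192.168.1.0", "0.0.0.255"))    # intended /24 rule
    print(ip_match("10.9.8.0", "192.168.1.0", "255.255.255.0"))    # subnet mask used by mistake
    print(port_match(8083, 8080, 0x0007))                          # ports 8080-8087
    print(flags_match(0x11, "+fin-ack"))                           # FIN+ACK segment
```

The second call shows why a wildcard must not be written as a subnet mask: 255.255.255.0 ignores the first three octets, so the rule matches any address ending in .0 and no longer covers the intended 192.168.1.x hosts.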
Default Configuration
No IPv4 Access List is defined.
Command Mode
IP-Access List Configuration mode.
5400_CLI.book Page 79 Wednesday, December 17, 2008 4:33 PM