162 ACL Commands
• srcmask — Source IP mask.
• dstip — Destination IP address.
• dstmask — Destination IP mask.
• portvalue — The source layer 4 port match condition for the ACL rule is specified by the port value parameter (Range: 0–65535).
• portkey — Or you can specify the portkey, which can be one of the following keywords: domain, echo, ftp, ftpdata, http, smtp, snmp, telnet, tftp, and www.
• log — Specifies that this rule is to be logged.
• assign-queue queue-id — Specifies the particular hardware queue for handling traffic that matches the rule. (Range: 0-6)
• mirror interface — Allows the traffic matching this rule to be copied to the specified interface.
• redirect interface — This parameter allows the traffic matching this rule to be forwarded to the specified unit/port.
Default Configuration
This command has no default configuration.
Command Mode
Global Configuration mode
User Guidelines
Users are permitted to add rules, but if a packet does not match any user-specified rules, the 
packet is dropped by the implicit “deny all” rule.
Examples
The following examples create an ACL to discard any HTTP traffic from 192.168.77.171, but 
allow all other traffic from 192.168.77.171:
console(config)#access-list alpha deny 192.168.77.171 0.0.0.0 0.0.0.0 255.255.255.255 eq http
console(config)#access-list alpha permit 192.168.77.171 0.0.0.0
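Added example (not from the original guide): a small Python model of how the two alpha rules above are evaluated, showing first-match ordering and the implicit "deny all" described in the User Guidelines. It assumes wildcard (inverse) mask semantics as the example implies, that an omitted destination means any, and that port is whichever layer 4 port the switch compares against eq; the names Rule, evaluate and ALPHA are hypothetical.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Keyword-to-port mapping for the one portkey used in the page's example.
PORTKEYS = {"http": 80}

def _ip(s: str) -> int:
    return int(ipaddress.IPv4Address(s))

def wildcard_match(addr: str, base: str, mask: str) -> bool:
    """Wildcard (inverse) mask: 0 bits must match, 1 bits are ignored."""
    care = ~_ip(mask) & 0xFFFFFFFF
    return (_ip(addr) & care) == (_ip(base) & care)

@dataclass
class Rule:
    action: str                      # "permit" or "deny"
    srcip: str
    srcmask: str
    dstip: str = "0.0.0.0"           # assumption: omitted destination = any
    dstmask: str = "255.255.255.255"
    port: Optional[int] = None       # None = no "eq" condition

    def matches(self, src: str, dst: str, port: int) -> bool:
        return (wildcard_match(src, self.srcip, self.srcmask)
                and wildcard_match(dst, self.dstip, self.dstmask)
                and (self.port is None or self.port == port))

def evaluate(rules, src, dst, port) -> str:
    """First matching rule wins; no match falls through to implicit deny."""
    for n, rule in enumerate(rules, 1):
        if rule.matches(src, dst, port):
            return f"{rule.action} (rule {n})"
    return "deny (implicit deny all)"

# ACL "alpha" as configured in the example above.
ALPHA = [
    Rule("deny", "192.168.77.171", "0.0.0.0", "0.0.0.0", "255.255.255.255", PORTKEYS["http"]),
    Rule("permit", "192.168.77.171", "0.0.0.0"),
]

if __name__ == "__main__":
    # Constructed sample packets: (source, destination, L4 port compared by "eq").
    for pkt in [("192.168.77.171", "10.0.0.5", 80),
                ("192.168.77.171", "10.0.0.5", 22),
                ("192.168.77.172", "10.0.0.5", 22)]:
        print(pkt, "->", evaluate(ALPHA, *pkt))
```

In this model the third packet, from a neighbouring host, is dropped: with only these two rules, traffic from any source other than 192.168.77.171 reaches the implicit deny unless a further permit rule is added.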
deny | permit
Use the deny command in Mac-Access-List Configuration mode to deny traffic if the
conditions defined in the deny statement are matched. Use the permit command in
Mac-Access-List Configuration mode to allow traffic if the conditions defined in the
permit statement are matched.