Chapter 10 | Access Control Lists
IPv4 ACLs
permit, deny (Extended IPv4 ACL)
This command adds a rule to an Extended IPv4 ACL. The rule sets a filter condition
for packets with specific source or destination IP addresses, protocol types, source
or destination protocol ports, or TCP control codes. Use the no form to remove a
rule.
Syntax
{permit | deny} [protocol-number | udp]
{any | source address-bitmask | host source}
{any | destination address-bitmask | host destination}
[dscp dscp] [precedence precedence]
[source-port sport [bitmask]]
[destination-port dport [port-bitmask]]
[time-range time-range-name]

no {permit | deny} [protocol-number | udp]
{any | source address-bitmask | host source}
{any | destination address-bitmask | host destination}
[dscp dscp] [precedence precedence]
[source-port sport [bitmask]]
[destination-port dport [port-bitmask]]

{permit | deny} tcp
{any | source address-bitmask | host source}
{any | destination address-bitmask | host destination}
[dscp dscp] [precedence precedence]
[source-port sport [bitmask]]
[destination-port dport [port-bitmask]]
[control-flag control-flags flag-bitmask]
[time-range time-range-name]

no {permit | deny} tcp
{any | source address-bitmask | host source}
{any | destination address-bitmask | host destination}
[dscp dscp] [precedence precedence]
[source-port sport [bitmask]]
[destination-port dport [port-bitmask]]
[control-flag control-flags flag-bitmask]
protocol-number - A specific protocol number. (Range: 0-255)
source - Source IP address.
destination - Destination IP address.
address-bitmask - Decimal number representing the address bits to match.
host - Keyword followed by a specific IP address.
dscp - DSCP priority level. (Range: 0-63)
precedence - IP precedence level. (Range: 0-7)
sport - Protocol[4] source port number. (Range: 0-65535)
dport - Protocol[4] destination port number. (Range: 0-65535)
4. Includes TCP, UDP or other protocol types.
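The address and port bitmasks determine how many hosts and ports a single rule covers, which is worth checking before a permit rule is applied. The following Python sketch is an added example, not part of this manual or the switch software: it parses the address and port portion of the syntax above and tests constructed packets against a constructed rule. It assumes that the 1 bits of a bitmask are the bits compared, that address bitmasks are written in dotted decimal and port bitmasks in plain decimal, and that an omitted port bitmask means an exact match; all function names are hypothetical.

```python
import ipaddress

PROTO = {"tcp": 6, "udp": 17}  # IANA protocol numbers for the two keywords

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def _addr(tok):
    """Consume {any | host A | A address-bitmask}; return (address, mask)."""
    head = tok.pop(0)
    if head == "any":
        return 0, 0                      # no bits compared
    if head == "host":
        return _ip(tok.pop(0)), 0xFFFFFFFF
    return _ip(head), _ip(tok.pop(0))

def parse_rule(line):
    tok = line.split()
    rule = {"action": tok.pop(0), "proto": None, "sport": (0, 0), "dport": (0, 0)}
    if tok[0] in PROTO or tok[0].isdigit():
        p = tok.pop(0)
        rule["proto"] = PROTO[p] if p in PROTO else int(p)
    rule["src"], rule["dst"] = _addr(tok), _addr(tok)
    while tok:
        key = tok.pop(0)
        if key not in ("source-port", "destination-port"):
            raise ValueError(f"option not modelled in this example: {key}")
        port = int(tok.pop(0))
        mask = int(tok.pop(0)) if tok and tok[0].isdigit() else 0xFFFF  # assumed default
        rule["sport" if key == "source-port" else "dport"] = (port, mask)
    return rule

def _masked(value, pair):
    base, mask = pair
    return (value & mask) == (base & mask)   # assumption: 1 bits are compared

def matches(rule, pkt):
    return ((rule["proto"] is None or rule["proto"] == pkt["proto"])
            and _masked(_ip(pkt["src"]), rule["src"])
            and _masked(_ip(pkt["dst"]), rule["dst"])
            and _masked(pkt["sport"], rule["sport"])
            and _masked(pkt["dport"], rule["dport"]))

def ports_covered(port, mask):
    return [p for p in range(65536) if (p & mask) == (port & mask)]

# Constructed rule: the port bitmask 65520 (0xFFF0) widens "80" to ports 80-95.
RULE = parse_rule("permit tcp 192.168.1.0 255.255.255.0 host 10.0.0.5 "
                  "destination-port 80 65520")
```

Running `ports_covered` on each port/bitmask pair in a rule set shows exactly which ports a rule opens, including ones a loose bitmask admits beyond the intended service.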