C
HAPTER
26
| Access Control Lists
IPv4 ACLs
– 686 –
permit, deny
(Extended IPv4 ACL)
This command adds a rule to an Extended IPv4 ACL. The rule sets a filter
condition for packets with specific source or destination IP addresses,
protocol types, source or destination protocol ports, or TCP control codes.
Use the no form to remove a rule.
SYNTAX
{permit | deny} [protocol-number | udp]
{any | source address-bitmask | host source}
{any | destination address-bitmask | host destination}
[precedence precedence] [tos tos] [dscp dscp]
[source-port sport [bitmask]]
[destination-port dport [port-bitmask]]
[time-range time-range-name]
no {permit | deny} [protocol-number | udp]
{any | source address-bitmask | host source}
{any | destination address-bitmask | host destination}
[precedence precedence] [tos tos] [dscp dscp]
[
source-port sport [bitmask]]
[destination-port dport [port-bitmask]]
{permit | deny} tcp
{any | source address-bitmask | host source}
{any | destination address-bitmask | host destination}
[precedence precedence] [tos tos] [dscp dscp]
[source-port sport [bitmask]]
[destination-port dport [port-bitmask]]
[control-flag control-flags flag-bitmask]
[time-range time-range-name]
no {permit | deny} tcp
{any | source address-bitmask | host source}
{any | destination address-bitmask | host
destination}
[precedence precedence] [tos tos] [dscp dscp]
[source-port sport [bitmask]]
[destination-port dport [port-bitmask]]
[control-flag control-flags flag-bitmask]
protocol-number – A specific protocol number. (Range: 0-255)
source – Source IP address.
destination – Destination IP address.
address-bitmask – Decimal number representing the address bits to
match.
host – Keyword followed by a specific IP address.
precedence – IP precedence level. (Range: 0-7)
tos – Type of Service level. (Range: 0-15)
dscp – DSCP priority level. (Range: 0-63)
sport – Protocol
9
source port number. (Range: 0-65535)
dport – Protocol
9
destination port number. (Range: 0-65535)
9. Includes TCP, UDP or other protocol types.
To Next Page
Loading...
