Configure a description for the IPv4 advanced ACL
Optional
By default, an IPv4 advanced ACL has no ACL description.

Set the rule numbering step

rule [ rule-id ] { deny | permit } protocol [ { { ack ack-value | fin fin-value | psh psh-value | rst rst-value | syn syn-value | urg urg-value } * | established } | destination { dest-addr dest-wildcard | any } | destination-port operator port1 [ port2 ] | dscp dscp | fragment | icmp-type { icmp-type icmp-code | icmp-message } | logging | precedence precedence | reflective | source { sour-addr sour-wildcard | any } | source-port operator port1 [ port2 ] | time-range time-range-name | tos tos ] *
Required
By default, an IPv4 advanced ACL does not contain any rule.
To create or edit multiple rules, repeat this step.
The logging keyword takes effect only when the module using the ACL supports logging.

Configure or edit a rule description
rule rule-id comment text
Optional
By default, an IPv4 advanced ACL rule has no rule description.
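
The matching behaviour of the rule command above, modelled in Python as an added example (not code from this guide or from the device vendor). It assumes that rules are checked in ascending rule-id order, that a wildcard bit of 0 means the address bit must match, that established means the ACK or RST flag is set, and that eq and range are port operators; all addresses and packets are constructed.

```python
import ipaddress

def wildcard_match(addr, rule_addr, wildcard):
    """True if addr equals rule_addr on every bit where the wildcard bit is 0."""
    a, r, w = (int(ipaddress.IPv4Address(x)) for x in (addr, rule_addr, wildcard))
    return ((a ^ r) & ~w & 0xFFFFFFFF) == 0

def rule_matches(rule, pkt):
    """Check one rule (dict keyed by rule-command keywords) against one packet."""
    if rule["protocol"] not in ("ip", pkt["protocol"]):
        return False
    for key in ("source", "destination"):
        if rule.get(key, "any") != "any" and not wildcard_match(pkt[key], *rule[key]):
            return False
    if "destination-port" in rule:
        op, p1, *rest = rule["destination-port"]   # assumed operators: eq, range
        hi = rest[0] if op == "range" else p1
        port = pkt.get("destination-port")
        if port is None or not p1 <= port <= hi:
            return False
    # Assumption: established is a flag check only (ACK or RST), not state tracking.
    if rule.get("established") and not ({"ack", "rst"} & pkt.get("flags", set())):
        return False
    return True

def evaluate(rules, pkt):
    """Return (rule-id, action) of the first match in ascending rule-id order, else None."""
    for rule in sorted(rules, key=lambda r: r["id"]):
        if rule_matches(rule, pkt):
            return rule["id"], rule["action"]
    return None

# Constructed rule set, equivalent to:
#   rule 0 permit tcp established destination 192.0.2.0 0.0.0.255
#   rule 5 permit tcp source 198.51.100.0 0.0.0.255 destination 192.0.2.10 0 destination-port eq 443
#   rule 10 deny ip
RULES = [
    {"id": 10, "action": "deny", "protocol": "ip"},
    {"id": 0, "action": "permit", "protocol": "tcp", "established": True,
     "destination": ("192.0.2.0", "0.0.0.255")},
    {"id": 5, "action": "permit", "protocol": "tcp",
     "source": ("198.51.100.0", "0.0.0.255"),
     "destination": ("192.0.2.10", "0.0.0.0"), "destination-port": ("eq", 443)},
]

if __name__ == "__main__":
    syn = {"protocol": "tcp", "source": "198.51.100.7", "destination": "192.0.2.10",
           "destination-port": 443, "flags": {"syn"}}
    print(evaluate(RULES, syn))
```

Because the established keyword in this model inspects flags only, rule 0 permits any TCP segment with ACK or RST set toward 192.0.2.0/24, so it should be scoped with source and port conditions where the return traffic is known.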
Configuring an IPv6 advanced ACL
IPv6 advanced ACLs match packets based on the source IPv6 address, destination IPv6
address, protocol carried over IPv6, and other protocol header fields such as the
TCP/UDP source port number, TCP/UDP destination port number, ICMP message type,
and ICMP message code.
Compared with IPv6 basic ACLs, they allow more flexible and accurate filtering.
Follow these steps to configure an IPv6 advanced ACL: