IPv4 Access Control Lists (ACLs)
Configuring Extended ACLs
Comparison Operators:
• eq <tcp/udp-port-nbr> — “Equal To”; to have a match with the ACE entry, the TCP or UDP source port number in a packet must be equal to <tcp/udp-port-nbr>.
• gt <tcp/udp-port-nbr> — “Greater Than”; to have a match with the ACE entry, the TCP or UDP source port number in a packet must be greater than <tcp/udp-port-nbr>.
• lt <tcp/udp-port-nbr> — “Less Than”; to have a match with the ACE entry, the TCP or UDP source port number in a packet must be less than <tcp/udp-port-nbr>.
• neq <tcp/udp-port-nbr> — “Not Equal”; to have a match with the ACE entry, the TCP or UDP source port number in a packet must not be equal to <tcp/udp-port-nbr>.
• range <start-port-nbr> <end-port-nbr> — For a match with the ACE entry, the TCP or UDP source-port number in a packet must be in the range <start-port-nbr> to <end-port-nbr>.
Port Number or Well-Known Port Name:
Use the TCP or UDP port number required by your application. The switch also accepts these well-known TCP or UDP port names as an alternative to their port numbers:
• TCP: bgp, dns, ftp, http, imap4, ldap, nntp, pop2, pop3, smtp, ssl, telnet
• UDP: bootpc, bootps, dns, ntp, radius, radius-old, rip, snmp, snmp-trap, tftp
To list the above names, press the [Shift] [?] key combination after entering an operator. For a comprehensive listing of port numbers, visit www.iana.org/assignments/port-numbers.
[comparison-operator <tcp-dest-port>] [established]
[comparison-operator <udp-dest-port>]
This option, if used, is entered immediately after the <DA> entry. To specify a TCP or UDP port number, (1) select a comparison operator and (2) enter the port number or a well-known port name.
Comparison Operators and Well-Known Port Names — These are the same as are used with the TCP/UDP source-port options, and are listed earlier in this command description.
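The comparison operators and well-known port names described above, as an added Python example that is not part of the original manual or the switch software: it evaluates a single port clause and lists which named services the clause covers, which helps when reviewing an ACE for unintended breadth. The port numbers are the IANA assignments for the listed names; mapping ssl to 443, ftp to 21, and treating range bounds as inclusive are assumptions, and the function names are hypothetical.

```python
# Added example (not switch code): evaluate one ACE port clause against a port.
# Names come from the manual's list; numbers are IANA assignments.
# Assumptions: "ssl" means 443, "ftp" means the control port 21.
TCP_NAMES = {"bgp": 179, "dns": 53, "ftp": 21, "http": 80, "imap4": 143,
             "ldap": 389, "nntp": 119, "pop2": 109, "pop3": 110,
             "smtp": 25, "ssl": 443, "telnet": 23}
UDP_NAMES = {"bootpc": 68, "bootps": 67, "dns": 53, "ntp": 123,
             "radius": 1812, "radius-old": 1645, "rip": 520,
             "snmp": 161, "snmp-trap": 162, "tftp": 69}
NAMES = {"tcp": TCP_NAMES, "udp": UDP_NAMES}


def resolve_port(proto, token):
    """Turn a port number or well-known name into an integer port."""
    port = int(token) if token.isdigit() else NAMES[proto].get(token)
    if port is None or not 0 <= port <= 65535:
        raise ValueError(f"unknown {proto} port: {token!r}")
    return port


def port_matches(proto, clause, port):
    """True if `port` satisfies a clause such as 'gt 1023' or 'range 20 21'."""
    op, *args = clause.split()
    vals = [resolve_port(proto, a) for a in args]
    if op == "range":
        if len(vals) != 2 or vals[0] > vals[1]:
            raise ValueError(f"bad range clause: {clause!r}")
        return vals[0] <= port <= vals[1]  # inclusive bounds (assumption)
    if len(vals) != 1:
        raise ValueError(f"{op} takes exactly one port: {clause!r}")
    if op == "eq":
        return port == vals[0]
    if op == "neq":
        return port != vals[0]
    if op == "gt":
        return port > vals[0]   # strictly greater: 'gt 1023' excludes 1023
    if op == "lt":
        return port < vals[0]   # strictly less: 'lt 1024' excludes 1024
    raise ValueError(f"unknown operator: {op!r}")


def named_services_covered(proto, clause):
    """Audit helper: which well-known names does this clause match?"""
    return sorted(n for n, p in NAMES[proto].items()
                  if port_matches(proto, clause, p))
```

For instance, named_services_covered("tcp", "lt 26") shows that a clause written to cover low ports also matches ftp, smtp and telnet.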