14-5
Usage Guidelines
Use this command to deny traffic between network’s/host’s based on the protocol type selected in the access
list configuration. The following protocol types are supported:
•ip
•icmp
•tcp
• udp
The last ACE in the access list is an implict deny statement.
Whenever the interface receives the packet, its content is checked against the ACE’s in the ACL. It is
allowed/denied based on the ACL configuration.
• Filtering on protocol types tcp/udp allows the user to specify port numbers as filtering criteria.
deny {tcp|udp} {source/
source-mask | host source
| any} [operator source-
port] {destination/
destination-mask | host
destination | any}
[operator destination-port]
[log] [rule-precedence
access-list-entry
precedence]
Use with
deny command to reject tcp or udp packets.
• deny – The keyword specifies deny action on an ACL.
•{tcp|udp} – Specify tcp or udp as the protocol.
• {source/source-mask | host source | any} – The keyword source is the
source IP address of the network or host in dotted decimal format.
Source-mask is the network mask. For example, 10.1.1.10/24 indicates
the first 24 bits of the source IP are used for matching.
• any is an abbreviation for source IP of 0.0.0.0 and source-mask bits
equal to 0.
• host is an abbreviation for exact source (A.B.C.D) and source-mask
bits equal to 32.
• [operator source-port] – Valid only for tcp or udp protocols. Valid values
are eq and range.
• range – Specifies the protocol range (starting and ending protocol
numbers).
• port – Valid Port number.
• {destination/destination-mask | host destination | any} – The destination
host IP address or destination network address.
• [operator destination-port] – Specifies the destination port.
• [log] – Generates log messages when the packet coming from the
interface matches the ACL entry. Log messages are generated only for
router ACLs.
• [rule-precedence access-list-entry precedence] – Integer value between
1-5000. This value sets the rule precedence in the ACL.
To Next Page
Loading...
Need help?
General
