656 IP Access Control List Commands
IPv4 extended ACLs have the following limitations for egress ACLs:
◆ Match on port ranges is not supported.
◆ The rate-limit command is not supported.
Format
access-list 100-199 [rule 1-1023] {deny | permit}
    {every | {{eigrp | gre | icmp | igmp | ip | ipinip | ospf | pim | tcp | udp | 0-255}
    {srcip srcmask | any | host srcip}
    [range {portkey | startport} {portkey | endport} {eq | neq | lt | gt} {portkey | 0-65535}
    {dstip dstmask | any | host dstip}
    [{range {portkey | startport} {portkey | endport} | {eq | neq | lt | gt} {portkey | 0-65535} ]
    [flag [+fin | -fin] [+syn | -syn] [+rst | -rst] [+psh | -psh] [+ack | -ack] [+urg | -urg] [established]]
    [icmp-type icmp-type [icmp-code icmp-code] | icmp-message icmp-message]
    [igmp-type igmp-type] [fragments]
    [precedence precedence | tos tos [tosmask] | dscp dscp]}}
    [time-range time-range-name] [log] [assign-queue queue-id]
    [{mirror | redirect} slot/port] [rate-limit rate burst-size]
Mode Global Config
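A pre-deployment check for the two egress limitations listed above, written as an added example (it is not part of the manual or of the switch software). The function names and sample rules are constructed for illustration, and the check assumes that only the literal `range` keyword counts as a port-range match; it is a token scan, not a full parser of the format.

```python
PROTOCOLS = set("eigrp gre icmp igmp ip ipinip ospf pim tcp udp".split())

def lint_egress_rule(line):
    """Return the problems found in one 'access-list' command line."""
    tokens = line.split()
    if len(tokens) < 3 or tokens[0] != "access-list" or not tokens[1].isdecimal():
        return ["not an access-list command"]
    problems = []
    if not 100 <= int(tokens[1]) <= 199:
        problems.append("ACL number is not in the extended range 100-199")
    rest = tokens[2:]
    if rest[0] == "rule":
        if len(rest) < 2 or not rest[1].isdecimal() or not 1 <= int(rest[1]) <= 1023:
            problems.append("rule number is not in 1-1023")
        rest = rest[2:]
    if not rest or rest[0] not in ("deny", "permit"):
        return problems + ["missing deny/permit action"]
    match = rest[1:]
    if match and match[0] != "every":
        proto = match[0]
        if proto not in PROTOCOLS and not (proto.isdecimal() and int(proto) <= 255):
            problems.append(f"unknown protocol {proto!r}")
    # Assumption: only the literal 'range' token is a port-range match.
    # Exact token comparison, so 'time-range' is not mistaken for 'range'.
    if "range" in match:
        problems.append("port range match is not supported on egress")
    if "rate-limit" in match:
        problems.append("rate-limit is not supported on egress")
    return problems

def lint_config(text):
    """Map 1-based line numbers to problems, for lines that have any."""
    report = {}
    for number, line in enumerate(text.splitlines(), start=1):
        if line.strip().startswith("access-list"):
            found = lint_egress_rule(line)
            if found:
                report[number] = found
    return report

# Constructed sample rules (documentation addresses, not from the manual).
SAMPLE = """\
access-list 101 rule 1 permit tcp any host 192.0.2.10 eq 443
access-list 101 rule 2 permit udp any range 1024 2048 any
access-list 101 rule 3 deny ip any any rate-limit 64 16
access-list 101 rule 4 deny every log
"""

if __name__ == "__main__":
    print(lint_config(SAMPLE))
```

Run it over the rules of any ACL that will be bound in the outbound direction before applying the configuration.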
Parameter                     Description
1-99 or 100-199               Range 1 to 99 is the access list number for an IP
                              standard ACL. Range 100 to 199 is the access
                              list number for an IP extended ACL.
[rule 1-1023]                 Specifies the IP access list rule.
{deny | permit}               Specifies whether the IP ACL rule permits or
                              denies an action.
every                         Match every packet.
{eigrp | gre | icmp |         Specifies the protocol to filter for an extended IP
igmp | ip | ipinip |          ACL rule.
ospf | pim | tcp | udp |
0-255}