Chapter 7: Quality of Service Commands 663
values must be specified. The source and destination IP address fields may be
specified using the keyword any to indicate a match on any value in that field.
The remaining command parameters are all optional, but the most frequently
used parameters appear in the same relative order as shown in the command
format.
The no form of this command is not supported, since the rules within an IP ACL
cannot be deleted individually. Rather, the entire IP ACL must be deleted and
respecified.
An implicit deny all IP rule always terminates the access list.
For IPv4, the following are not supported for egress ACLs:
◆ A match on port ranges.
◆ The rate-limit command.
The time-range parameter imposes a time limitation on the IP ACL rule
as defined by the specified time range. If a time range with the specified name
does not exist and the ACL containing this ACL rule is applied to an interface or
bound to a VLAN, then the ACL rule is applied immediately. If a time range with
the specified name exists and the ACL containing this ACL rule is applied to an
interface or bound to a VLAN, then the ACL rule is applied when the time-range
Format
{deny | permit} {every | {{eigrp | gre | icmp | igmp | ip | ipinip | ospf | pim | tcp | udp | 0-255}
{srcip srcmask | any | host srcip}
[{range {portkey | startport} {portkey | endport} | {eq | neq | lt | gt} {portkey | 0-65535} ]
{dstip dstmask | any | host dstip}
[{range {portkey | startport} {portkey | endport} | {eq | neq | lt | gt} {portkey | 0-65535} ]
[flag [+fin | -fin] [+syn | -syn] [+rst | -rst] [+psh | -psh] [+ack | -ack] [+urg | -urg] [established]]
[icmp-type icmp-type [icmp-code icmp-code] | icmp-message icmp-message]
[igmp-type igmp-type] [fragments]
[precedence precedence | tos tos [tosmask] | dscp dscp]}}
[time-range time-range-name] [log] [assign-queue queue-id]
[{mirror | redirect} slot/port] [rate-limit rate burst-size]
Mode Ipv4-Access-List Config
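
The following is an added example, not taken from the manual: a Python check over rule lines written in the format above. It flags rules that name a time range that is not defined (which, per the text, makes the rule apply immediately once the ACL is bound) and rules using the two features listed as unsupported for IPv4 egress ACLs. The sample rules, the time-range names, and the function names are constructed for illustration.

```python
# Constructed sample rules in the {deny | permit} format above (not from the manual).
SAMPLE_RULES = [
    "permit tcp any host 192.0.2.10 eq 443 time-range business-hours",
    "permit tcp any any range 8000 8080 time-range maintenance",
    "permit udp any any eq 53 log rate-limit 100 16",
    "permit ip host 192.0.2.20 any",
]


def lint_rule(rule, defined_time_ranges, egress=False):
    """Return a list of findings for one rule line."""
    tokens = rule.split()
    if not tokens or tokens[0] not in ("deny", "permit"):
        return ["not a deny/permit rule"]
    findings = []
    name_idx = None
    if "time-range" in tokens:
        name_idx = tokens.index("time-range") + 1
        if name_idx >= len(tokens):
            findings.append("time-range keyword without a name")
        elif tokens[name_idx] not in defined_time_ranges:
            # Per the text: an undefined time range means the rule is
            # applied immediately, i.e. the intended time limit is lost.
            findings.append(
                f"time-range '{tokens[name_idx]}' is undefined: rule applies immediately"
            )
    # Ignore the time-range name itself when looking for keywords.
    keywords = [t for i, t in enumerate(tokens) if i != name_idx]
    if egress:
        if "range" in keywords:
            findings.append("port range match is not supported on egress")
        if "rate-limit" in keywords:
            findings.append("rate-limit is not supported on egress")
    return findings


def lint_acl(rules, defined_time_ranges, egress=False):
    """Map 1-based rule position to its findings; clean rules are omitted."""
    report = {}
    for position, rule in enumerate(rules, 1):
        findings = lint_rule(rule, defined_time_ranges, egress)
        if findings:
            report[position] = findings
    return report


if __name__ == "__main__":
    for pos, items in lint_acl(SAMPLE_RULES, {"business-hours"}, egress=True).items():
        print(pos, items)
```

The set of defined time-range names is passed in by the caller because the command that defines a time range is not shown on this page.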