COMMAND LINE INTERFACE
access-list ip (4-124)
permit, deny (Extended ACL)
This command adds a rule to an Extended IP ACL. The rule sets a
filter condition for packets with specific source or destination IP
addresses, protocol types, or source or destination protocol ports. Use
the no form to remove a rule.
Syntax
[no] {permit | deny} [protocol-number | udp]
{any | source address-bitmask | host source}
{any | destination address-bitmask | host destination}
[source-port sport [end]] [destination-port dport [end]]
[no] {permit | deny} tcp
{any | source address-bitmask | host source}
{any | destination address-bitmask | host destination}
[source-port sport [end]] [destination-port dport [end]]
- protocol-number – A specific protocol number. (Range: 0-255)
- source – Source IP address.
- destination – Destination IP address.
- address-bitmask – Decimal number representing the address bits to
match.
- host – Keyword followed by a specific IP address.
- sport – Protocol¹⁵ source port number. (Range: 0-65535)
- dport – Protocol¹⁵ destination port number. (Range: 0-65535)
- end – Upper bound of the protocol port range. (Range: 0-65535)
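As an added example (not from the manual), the following Python linter parses a rule line against the syntax above and enforces the documented ranges, so a malformed or out-of-range rule is caught before it is pushed to a device. It assumes that addresses and the address-bitmask are written as dotted-decimal IPv4 values; the function names are illustrative.

```python
from ipaddress import IPv4Address

def _addr(tok, i):
    """Consume `any`, `host A` or `A bitmask`; return (spec, next index)."""
    if tok[i] == "any":
        return ("any",), i + 1
    if tok[i] == "host":
        return ("host", str(IPv4Address(tok[i + 1]))), i + 2
    # Assumption: address and bitmask are both dotted-decimal IPv4 values.
    return ("masked", str(IPv4Address(tok[i])), str(IPv4Address(tok[i + 1]))), i + 2

def _ports(tok, i, keyword):
    """Consume optional `keyword port [end]`; return ((lo, hi) or None, next index)."""
    if i >= len(tok) or tok[i] != keyword:
        return None, i
    lo = hi = int(tok[i + 1])
    i += 2
    if i < len(tok) and tok[i].isdigit():   # optional upper bound `end`
        hi = int(tok[i])
        i += 1
    if not 0 <= lo <= hi <= 65535:          # `end` is the upper bound, so lo <= hi
        raise ValueError(f"{keyword} {lo}-{hi} outside 0-65535 or reversed")
    return (lo, hi), i

def parse_rule(line):
    """Parse one Extended ACL rule line; raise ValueError if it is malformed."""
    tok = line.split()
    try:
        negate = tok[0] == "no"             # `no` form removes the rule
        action = tok[int(negate)]
        if action not in ("permit", "deny"):
            raise ValueError(f"expected permit or deny, got {action!r}")
        i = int(negate) + 1
        proto = None                        # protocol field may be omitted
        if tok[i] in ("tcp", "udp"):
            proto, i = tok[i], i + 1
        elif tok[i].isdigit():              # addresses contain dots, so this is a number
            proto, i = int(tok[i]), i + 1
            if proto > 255:
                raise ValueError("protocol-number outside 0-255")
        src, i = _addr(tok, i)
        dst, i = _addr(tok, i)
        sport, i = _ports(tok, i, "source-port")
        dport, i = _ports(tok, i, "destination-port")
    except IndexError:
        raise ValueError("rule ends before all required fields are given") from None
    if i != len(tok):
        raise ValueError(f"unexpected token {tok[i]!r}")
    return dict(no=negate, action=action, protocol=proto, src=src, dst=dst, sport=sport, dport=dport)
```
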
Default Setting
None
Command Mode
Extended ACL
Command Usage
15. Includes TCP, UDP or other protocol types.