Command Line Interface
4-96
4
This shows how to create an extended ACL with an egress mask to drop packets
leaving network 171.69.198.0 when the Layer 4 source port is 23.
Console(config)#access-list ip extended A3
Console(config-ext-acl)#deny host 171.69.198.5 any
Console(config-ext-acl)#deny 171.69.198.0 255.255.255.0 any source-port 23
Console(config-ext-acl)#end
Console#show access-list
IP extended access-list A3:
deny host 171.69.198.5 any
deny 171.69.198.0 255.255.255.0 any source-port 23
Console#config
Console(config)#access-list ip mask-precedence out
Console(config-ip-mask-acl)#mask 255.255.255.0 any source-port
Console(config-ip-mask-acl)#exit
Console(config)#interface ethernet 1/15
Console(config-if)#ip access-group A3 out
Console(config-if)#end
Console#show access-list
IP extended access-list A3:
deny 171.69.198.0 255.255.255.0 any source-port 23
deny host 171.69.198.5 any
IP egress mask ACL:
mask 255.255.255.0 any source-port
Console#