Allied Telesis AT-9000/28POE Switch User Manual


Chapter 74: ACL Commands
1224
ACCESS-LIST UDP
Syntax
access-list id_number action udp src_ipaddress eq|lt|gt|ne|range src_udp_port dst_ipaddress eq|lt|gt|ne|range dst_udp_port vlan vid
Parameters
id_number
Specifies an ID number for a new ACL. The range is 3000 to 3699.
action
Specifies the action of the ACL. Choose one of the following:
permit: Forwards all ingress packets that match the ACL.
deny: Discards all ingress packets that match the ACL.
copy-to-mirror: Copies all ingress packets that match the ACL to
the destination port of the mirror port. This action must be used
in conjunction with the port mirror feature, explained in Chapter
21, “Port Mirror” on page 379.
src_ipaddress
Specifies the source IP address of the ingress packets the access
list should filter. Here are the possible options:
any: Matches any IP address.
ipaddress/mask: Matches packets that have a source IP
address of a subnet or an end node. The mask is a decimal
number that represents the number of bits in the address, from
left to right, that constitute the network portion of the address.
For example, the subnet address 149.11.11.0 would have a
mask of “24” for the twenty-four bits of the network section of the
address. The IP address and the mask are separated by a slash
(/); for example, “149.11.11.0/24”.
host ipaddress: Matches packets with the specified source IP
address. It is an alternative to the IPADDRESS/MASK variable for
addresses of specific end nodes. The HOST keyword indicates that
the address is of a specific end node and that no mask is required.
eq
Matches packets that are equal to the UDP port number specified
by the SRC_UDP_PORT or DST_UDP_PORT parameter.
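
The following Python model is an added example, not part of the manual or of the switch software. It shows how the three address forms above and the EQ operator decide whether a UDP packet matches a rule, which is useful when reviewing ACLs offline. Assumptions: IPv4 addresses only, the destination address takes the same forms as the source, only EQ is modeled, and the VLAN parameter is left out; the class, function and sample rule are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

ACTIONS = ("permit", "deny", "copy-to-mirror")

def parse_address_spec(spec: str) -> ipaddress.IPv4Network:
    """Convert 'any', 'ipaddress/mask' or 'host ipaddress' to a network."""
    tokens = spec.split()
    if tokens == ["any"]:
        return ipaddress.IPv4Network("0.0.0.0/0")
    if len(tokens) == 2 and tokens[0] == "host":
        # HOST names one end node, so no mask is given: same as /32.
        return ipaddress.IPv4Network(tokens[1] + "/32")
    if len(tokens) == 1 and tokens[0].partition("/")[2].isdigit():
        # The mask is the count of network bits. strict=True rejects specs
        # with bits set past the mask (a choice of this example, made so
        # that typos surface in review; not documented switch behaviour).
        return ipaddress.IPv4Network(tokens[0], strict=True)
    raise ValueError(f"unrecognised address spec: {spec!r}")

@dataclass
class UdpAclRule:
    id_number: int
    action: str
    src: str
    src_port: int   # compared with the 'eq' operator
    dst: str        # assumed to take the same forms as src
    dst_port: int   # compared with the 'eq' operator

    def __post_init__(self):
        if not 3000 <= self.id_number <= 3699:
            raise ValueError("ID number must be in the range 3000 to 3699")
        if self.action not in ACTIONS:
            raise ValueError(f"unknown action: {self.action!r}")
        self.src_net = parse_address_spec(self.src)
        self.dst_net = parse_address_spec(self.dst)

    def matches(self, src_ip, src_port, dst_ip, dst_port) -> bool:
        """True when a UDP packet's addresses and ports all match."""
        return (ipaddress.IPv4Address(src_ip) in self.src_net
                and ipaddress.IPv4Address(dst_ip) in self.dst_net
                and src_port == self.src_port
                and dst_port == self.dst_port)

# Constructed sample rule (not taken from the manual).
RULE = UdpAclRule(3000, "deny", "149.11.11.0/24", 68, "host 149.11.12.5", 67)
```
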