Filter
Top Products
614 Configuring Access Control Lists
continued
– When “eq” is specified, IP ACL rule matches only if
the layer 4 port number is equal to the specified port
number or portkey.
– When “lt” is specified, IP ACL rule matches if the layer
4 destination port number is less than the specified
port number or portkey. It is equivalent to specifying
the range as 0 to <specified port number – 1>.
– When “gt” is specified, IP ACL rule matches if the
layer 4 destination port number is greater than the
specified port number or portkey. It is equivalent to
specifying the range as <specified port number + 1>
to 65535.
– When “neq” is specified, IP ACL rule matches only if
the layer 4 destination port number is not equal to the
specified port number or portkey.
– IPv4 TCP port names
: bgp, domain, echo, ftp, ftp-
data, http, smtp, telnet, www, pop2, pop3
–IPv4 UDP port names:
domain, echo, ntp, rip, snmp,
tftp, time, who
•
dstip
dstmask
|
any | host
dstip
—Specifies a destination
IP address and netmask for match condition of the IP
ACL rule.
– Specifying “any” implies specifying
dstip
as “0.0.0.0”
and
dstmask
as “255.255.255.255”.
– Specifying “host A.B.C.D” implies
dstip
as “A.B.C.D”
and
dstmask
as “0.0.0.0”.
•
[precedence
precedence
| tos
tos
[
tosmask
] | dscp
dscp
]—
Specifies the TOS for an IP/TCP/UDP ACL rule
depending on a match of precedence or DSCP values
using the parameters dscp, precedence, or tos tosmask.
Command Purpose