Filter
Top Products
ACL Commands 273
{deny | permit} {every | {{icmp | igmp | ip | tcp | udp |
number
}
srcip
srcmask
[{eq {
portkey
|
0-65535
}
dstip
dstmask
[{eq {
portkey
|
0-65535
}]
[precedence
precedence
| tos
tos
tosmask
| dscp
dscp
] [log] [time-range
time-range-name
] [assign-queue
queue-id
] [{mirror | redirect}
interface-id
]
Parameter Description
This command does not require a parameter description.
Default Configuration
This command has no default configuration.
Command Mode
Ipv4-Access-List Configuration mode
User Guidelines
Administrators are cautioned to specify permit and deny rule matches as fully
as is possible in order to avoid false matches. Rules that specify a port value
should also specify the protocol and ethertype. Rules that specify a protocol
should also specify the ethertype value for the frame. In general, any rule that
specifies matching on an upper layer protocol field should also include
matching constraints for lower layer protocol fields. For example, a rule to
match packets directed to the well-known UDP port number 22 (SSH)
should also include constraints on the IP protocol field (UDP) and the
ethertype field (0x800 – IPv4). Below is a list of commonly used ethertypes:
Ethertype Protocol
0x0800 Internet Protocol version 4 (IPv4)
0x0806 Address Resolution Protocol (ARP)
0x0842 Wake-on LAN Packet
0x8035 Reverse Address Resolution Protocol (RARP)
0x8100 VLAN tagged frame (IEEE 802.1Q)
0x86DD Internet Protocol version 6 (IPv6)
0x8808 MAC Control
2CSPC4.XCT-SWUM2XX1.book Page 273 Monday, October 3, 2011 11:05 AM