Access Control List Commands 4

Example

This example configures one permit rule for the specific address 10.1.1.21 and another rule for the address range 168.92.16.x – 168.92.31.x using a bitmask.

Console(config-std-acl)#permit host 10.1.1.21

Console(config-std-acl)#permit 168.92.16.0 255.255.240.0

Console(config-std-acl)#

Related Commands

access-list ip (4-103)

permit, deny (Extended ACL)

This command adds a rule to an Extended IP ACL. The rule sets a filter condition for packets with specific source or destination IP addresses, protocol types, source or destination protocol ports, or TCP control codes. Use the no form to remove a rule.

Syntax

[no] {permit deny} [protocol-number udp] {any source address-bitmask host source}

{any destination address-bitmask host destination} [precedence precedence] [tos tos] [dscp dscp] [source-portsport [end]] [destination-portdport [end]]

[no] {permit deny} tcp

{any source address-bitmask host source}

{any destination address-bitmask host destination} [precedence precedence] [tos tos] [dscp dscp] [source-portsport [end]] [destination-portdport [end]] [control-flagcontrol-flags flag-bitmask]

protocol-number– A specific protocol number. (Range: 0-255)

source – Source IP address.

destination – Destination IP address.

address-bitmask– Decimal number representing the address bits to match.

host – Keyword followed by a specific IP address.

precedence – IP precedence level. (Range: 0-7)

tos – Type of Service level. (Range: 0-15)

dscp – DSCP priority level. (Range: 0-63)

sport – Protocol21 source port number. (Range: 0-65535)

dport – Protocol1 destination port number. (Range: 0-65535)

end – Upper bound of the protocol port range. (Range: 0-65535)

control-flags– Decimal number (representing a bit string) that specifies flag bits in byte 14 of the TCP header. (Range: 0-63)

flag-bitmask– Decimal number representing the code bits to match. (Range: 0-63)

21.Includes TCP, UDP or other Protocol types.

4-105

Page 347
Image 347
Accton Technology ES3552XA, ES3526XA manual Access-list ip, No permit deny tcp