210 ACL Commands

access-list

Use the access-list command in Global Configuration mode to create an Access Control List (ACL) that is identified by the parameter list-name.

Syntax

access-list std-list-num {deny | permit} {srcip srcmask | every} [log] [assign-queue queue-id] [redirect interface | mirror interface]

access-list ext-list-num {deny | permit} {every | {[icmp | igmp | ip | tcp | udp | number] {srcip srcmask | any} [eq [portkey | portvalue]] {dstip dstmask | any} [eq [portkey | portvalue]] [precedence precedence | tos tos tosmask | dscp dscp] [log] [assign-queue queue-id] [redirect interface | mirror interface]}}

no access-list list-name

list-name — Access-list name up to 31 characters in length.
deny | permit — Specifies whether the IP ACL rule permits or denies an action.
every — Allows all protocols.
eq — Equal. Refers to the Layer 4 port number being used as match criteria. The first reference is source match criteria, the second is destination match criteria.
number — Standard protocol number. Protocol keywords icmp, igmp, ip, tcp, udp.
srcip — Source IP address.
srcmask — Source IP mask.
dstip — Destination IP address.
dstmask — Destination IP mask.
portvalue — The source layer 4 port match condition for the ACL rule is specified by the port value parameter (Range: 0–65535).
portkey — Or you can specify the portkey, which can be one of the following keywords: domain, echo, ftp, ftpdata, http, smtp, snmp, telnet, tftp, and www.
log — Specifies that this rule is to be logged.
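
The following Python checker is an added example, not part of this manual: it validates the match portion of an extended access-list line against the protocol keywords, portkey list and port range given above, so a rule can be linted before it is applied to a switch. The function names are hypothetical, the list identifier is treated as an opaque token, trailing options (log, assign-queue and so on) are collected unparsed, and the 0-255 bound on a numeric protocol is an assumption based on the width of the IP protocol field.

```python
import ipaddress

# Keyword sets copied from the parameter descriptions above.
PROTOCOLS = {"icmp", "igmp", "ip", "tcp", "udp"}
PORTKEYS = {"domain", "echo", "ftp", "ftpdata", "http", "smtp",
            "snmp", "telnet", "tftp", "www"}

def _addr(tok, side):
    """Consume 'any' or an <ip> <mask> pair from the token list."""
    if tok and tok[0] == "any":
        tok.pop(0)
        return ("any",)
    if len(tok) < 2:
        raise ValueError(f"{side}: expected 'any' or <ip> <mask>")
    ip, mask = tok.pop(0), tok.pop(0)
    ipaddress.IPv4Address(ip)    # raises ValueError if malformed
    ipaddress.IPv4Address(mask)  # checked for dotted-quad form only
    return (ip, mask)

def _port(tok):
    """Consume an optional 'eq <portkey | portvalue>' clause."""
    if not tok or tok[0] != "eq":
        return None
    tok.pop(0)
    val = tok.pop(0) if tok else ""
    if val in PORTKEYS:
        return val
    if val.isdecimal() and int(val) <= 65535:
        return int(val)
    raise ValueError(f"eq: {val!r} is not a portkey or a value in 0-65535")

def parse_ext_rule(line):
    """Parse the match portion of an extended access-list rule."""
    tok = line.split()
    if len(tok) < 4 or tok[0] != "access-list" or tok[2] not in ("deny", "permit"):
        raise ValueError("expected: access-list <id> {deny | permit} ...")
    rule = {"id": tok[1], "action": tok[2]}
    tok = tok[3:]
    if tok[0] == "every":
        rule["match"] = "every"
        tok = tok[1:]
    else:
        proto = tok.pop(0)
        # Assumption: a numeric protocol fits the 8-bit IP protocol field.
        if proto not in PROTOCOLS and not (proto.isdecimal() and int(proto) <= 255):
            raise ValueError(f"unknown protocol {proto!r}")
        rule.update(proto=proto, src=_addr(tok, "source"), sport=_port(tok),
                    dst=_addr(tok, "destination"), dport=_port(tok))
    rule["options"] = tok  # log, assign-queue, dscp, ... left unparsed
    return rule
```

A rule that uses a port keyword outside the listed set, a port above 65535, or a malformed address raises ValueError with the offending token in the message.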