Cisco Wide Area Application Services Command Reference
OL-16451-01
Chapter 3 CLI Commands
(config-ext-nacl) permit
a 0 indicates a position that must be matched and a 1 indicates a position that does not matter. For
instance, the wildcard 0.0.0.255 causes the last eight bits in the source IP address to be ignored. The
permit 192.168.1.0 0.0.0.255 entry allows access from any host on the 192.168.1.0 network.
For extended IP ACLs, the wildcard parameter is required if the host keyword is not specified.
Use an extended access list to control connections based on the destination IP address or based on the
protocol type. You can combine these conditions with information about the source IP address to create
a more restrictive condition.
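The wildcard rule described above, as an added Python illustration that is not part of the Cisco reference: it evaluates a base address and wildcard bit by bit, counts how many addresses an entry covers, and flags the common mistake of typing a subnet mask where the wildcard belongs. The function names are hypothetical and the sample entries are constructed.

```python
import ipaddress

def to_u32(dotted):
    """Dotted-quad IPv4 string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))

def wildcard_match(addr, base, wildcard):
    """True if addr equals base in every bit position where the wildcard is 0."""
    care = ~to_u32(wildcard) & 0xFFFFFFFF   # 1 = position must match
    return (to_u32(addr) & care) == (to_u32(base) & care)

def addresses_matched(wildcard):
    """Each 1 bit in the wildcard doubles the number of addresses matched."""
    return 1 << bin(to_u32(wildcard)).count("1")

def audit_wildcard(base, wildcard):
    """Flag base/wildcard pairs that usually indicate a typing mistake."""
    findings = []
    w = to_u32(wildcard)
    if w & (w + 1):   # 1 bits are not one contiguous low-order run
        findings.append("wildcard is not a contiguous low-order run; "
                        "possible subnet mask entered by mistake")
    if to_u32(base) & w:
        findings.append("base address has bits set in ignored positions")
    return findings

if __name__ == "__main__":
    # Constructed sample entries: the page's example, then the same entry
    # with a subnet mask typed where the wildcard belongs.
    for base, wc in [("192.168.1.0", "0.0.0.255"), ("192.168.1.0", "255.255.255.0")]:
        print(base, wc, addresses_matched(wc), audit_wildcard(base, wc))
        for probe in ("192.168.1.77", "192.168.2.77", "10.9.8.0"):
            print("   ", probe, wildcard_match(probe, base, wc))
```

With the mask typed in place of the wildcard, the entry no longer matches 192.168.1.77 but does match 10.9.8.0, because only the last octet is compared.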
Table 3-124 lists the UDP keywords that you can use with extended access lists.
Table 3-125 lists the TCP keywords that you can use with extended access lists.

Table 3-124 UDP Keywords for Extended Access Lists

CLI UDP Keyword   Description                                        UDP Port Number
bootpc            Bootstrap Protocol (BOOTP) client                  68
bootps            Bootstrap Protocol (BOOTP) server                  67
domain            Domain Name System (DNS)                           53
mms               Microsoft Media Server                             1755
netbios-dgm       NetBIOS datagram service                           138
netbios-ns        NetBIOS name service                               137
netbios-ss        NetBIOS session service                            139
nfs               Network File System service                        2049
ntp               Network Time Protocol                              123
snmp              Simple Network Management Protocol                 161
snmptrap          SNMP traps                                         162
tacacs            Terminal Access Controller Access Control System   49
tftp              Trivial File Transfer Protocol                     69
wccp              Web Cache Communication Protocol                   2048

Table 3-125 TCP Keywords for Extended Access Lists

CLI TCP Keyword   Description                                TCP Port Number
domain            Domain Name System                         53
exec              Exec (rcp)                                 512
ftp               File Transfer Protocol                     21
ftp-data          FTP data connections (used infrequently)   20
https             Secure HTTP                                443
mms               Microsoft Media Server                     1755
nfs               Network File System service                2049
ssh               Secure Shell login                         22