Specifications
3-456
Cisco Wide Area Application Services Command Reference
OL-11817-01
Chapter 3 CLI Commands
(config-ext-nacl) deny
Table 3-95 lists the keywords that you can use to match specific ICMP message types and codes.
Examples The following example shows how to create an access list on the WAAS device. You create this access
list to allow the WAAS device to accept all web traffic that is redirected to it, but limits host
administrative access using SSH:
WAE(config)# ip access-list extended testextacl
WAE(config-ext-nacl)# permit tcp any any eq www
WAE(config-ext-nacl)# deny tcp host 10.1.1.5 any eq ssh
WAE(config-ext-nacl)# exit
The following example shows how to activate the access list for an interface:
WAE(config)# interface gigabitethernet 1/0
WAE(config-if)# ip access-group extended testextacl in
WAE(config-if)# exit
nfs Network File System service 2049
ssh Secure Shell login 22
tacacs Terminal Access Controller Access Control
System
49
telnet Telnet 23
www World Wide Web (HTTP) 80
Table 3-94 TCP Keywords for Extended Access Lists (continued)
CLI TCP Keyword Description TCP Port Number
Ta b l e 3-95 Keywords for ICMP Messages
administratively-prohibited alternate-address conversion-error
dod-host-prohibited dod-net-prohibited echo
echo-reply general-parameter-problem host-isolated
host-precedence-unreachable host-redirect host-tos-redirect
host-tos-unreachable host-unknown host-unreachable
information-reply information-request mask-reply
mask-request mobile-redirect net-redirect
net-tos-redirect net-tos-unreachable net-unreachable
network-unknown no-room-for-option option-missing
packet-too-big parameter-problem port-unreachable
precedence-unreachable protocol-unreachable reassembly-timeout
redirect router-advertisement router-solicitation
source-quench source-route-failed time-exceeded
timestamp-reply timestamp-request traceroute
ttl-exceeded unreachable