Chapter 5 Configuring Access Lists and Filtering GSS Traffic
Filtering GSS Traffic Using Access Lists
Cisco Global Site Selector Administration Guide
OL-5480-01
Creating an Access List
Use the access-list command in global configuration mode to create an access list.
You must have access to the CLI of each GSS device to create access lists for that
device.
The syntax for the access-list command is:
access-list name {permit | deny} protocol [source-address source-netmask |
host source-address | any] operator port [port] [destination-port
operator port [port]]
The options and variables are:
• name—Specifies an alphanumeric name used to identify the access list you
are creating.
• permit—Allows a connection when a packet matches the condition. All
provisions of the condition must be met to make a match.
• deny—Prevents a connection when a packet matches the condition. All
provisions of the condition must be met to make a match.
• protocol—Identifies the protocol for the traffic type. Recognized IP protocols
include: tcp (Transmission Control Protocol), udp (User Datagram Protocol),
and icmp (Internet Control Message Protocol).
• source-address—Specifies the network IP address from which the packet
originated. The GSS software uses the source-address and source-netmask
arguments to match the incoming packet to a source network.
• source-netmask—Specifies the subnet mask for the network from which the
packet originated. The software uses the source-address and source-netmask
arguments to match the incoming packet to a source network.
• host—Identifies the host machine that is the source of the packet.
• source-address—Specifies the IP address of the device that is the source of
the packet.
• any—Identifies the wildcard value for the packet source. With any used in
place of the source-address, source-netmask, or host source-address values,
the GSS matches packets from all incoming sources.
• operator—Compares arbitrary bytes within the packet. The operator can be
one of the following values: eq (equal), neq (not equal), range (range)
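The following Python sketch is an added example, not code from the Cisco guide or the GSS software. It models how the three source forms (source-address with source-netmask, host, any) and the eq, neq and range operators decide whether a packet matches an entry. The function names, the sample entries, the inclusive reading of range and the placement of destination-port directly after the source are assumptions.

```python
import ipaddress

# Constructed sample lines; placing destination-port right after the source is an assumption.
SAMPLE_RULES = [
    "access-list alist1 permit tcp 172.16.1.0 255.255.255.0 destination-port eq 443",
    "access-list alist1 deny tcp host 192.0.2.10 destination-port neq 22",
    "access-list alist1 permit udp any destination-port range 2000 2010",
]

def parse_rule(line):
    """Parse one access-list line into its name, action, protocol, source and port test."""
    t = line.split()
    try:
        if t[0] != "access-list" or t[2] not in ("permit", "deny") \
                or t[3] not in ("tcp", "udp", "icmp"):
            raise ValueError("bad keyword")
        rule = {"name": t[1], "action": t[2], "protocol": t[3], "port_test": None}
        rest = t[4:]
        if rest[0] == "any":        # wildcard: packets from all sources
            rule["source"], rest = ipaddress.ip_network("0.0.0.0/0"), rest[1:]
        elif rest[0] == "host":     # one host address
            rule["source"], rest = ipaddress.ip_network(rest[1] + "/32"), rest[2:]
        else:                       # source-address source-netmask
            rule["source"] = ipaddress.ip_network(f"{rest[0]}/{rest[1]}", strict=False)
            rest = rest[2:]
        if rest:                    # destination-port operator port [port]
            op, ports = rest[1], [int(p) for p in rest[2:]]
            if rest[0] != "destination-port" or op not in ("eq", "neq", "range") \
                    or len(ports) != (2 if op == "range" else 1):
                raise ValueError("bad port clause")
            rule["port_test"] = (op, ports)
    except (IndexError, ValueError) as exc:
        raise ValueError(f"cannot parse {line!r}: {exc}") from None
    return rule

def matches(rule, protocol, src_ip, dst_port=None):
    """True only when every provision of the condition is met."""
    if protocol != rule["protocol"] or ipaddress.ip_address(src_ip) not in rule["source"]:
        return False
    if rule["port_test"] is None:
        return True
    if dst_port is None:
        return False
    op, ports = rule["port_test"]
    if op == "eq":
        return dst_port == ports[0]
    if op == "neq":
        return dst_port != ports[0]
    return ports[0] <= dst_port <= ports[1]   # range, treated as inclusive (assumption)
```

A packet that fails any one provision (protocol, source or port) does not match the entry, which mirrors the "all provisions of the condition must be met" wording for permit and deny.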