Specifications
5-5
Cisco Global Site Selector Administration Guide
OL-5480-01
Chapter 5 Configuring Access Lists and Filtering GSS Traffic
Filtering GSS Traffic Using Access Lists
• port—Specifies the source or destination port of the packet.
• destination-port—Compares the destination port of the packet with the
access condition.
For example, to configure an access list named alist1 containing a rule that allows
any traffic using the TCP protocol on port 443 on the GSS device, enter the
following:
gss1.example.com# config
gss1.example.com(config)# access-list alist1 permit tcp any
destination-port eq 443
Use the access-list command for each access list that you intend to add to this
GSS device. See the
“Adding Rules to an Access List” section for instructions on
adding more rules to an access list that already exists.
Included below is an example of a completed access list.
gss1.example.com(config)#show access-list
access-list: acl_1
access-list acl_1 permit tcp any destination-port range 20 23
access-list acl_1 permit tcp any eq 20
access-list acl_1 permit tcp any eq 21
access-list acl_1 permit tcp any eq 23
access-list acl_1 permit tcp any destination-port eq 53
access-list acl_1 permit udp any destination-port eq 53
access-list acl_1 permit udp any eq 53
access-list acl_1 permit udp any eq 123 destination-port eq 123
access-list acl_1 permit udp any destination-port eq 161
access-list acl_1 permit tcp any destination-port eq 443
access-list acl_1 permit udp any eq 1304 destination-port eq 1304
access-list acl_1 permit udp any destination-port eq 2000
access-list acl_1 permit tcp any destination-port range 2001 2005
access-list acl_1 permit tcp any range 2001 2005
access-list acl_1 permit tcp any destination-port range 3002 3008
access-list acl_1 permit tcp any range 3002 3008
access-list acl_1 permit udp any destination-port eq 5002
access-list acl_1 permit udp any eq 1974 destination-port eq 1974
access-list acl_1 permit tcp any destination-port eq 5001
access-list acl_1 permit tcp any eq 5001
access-list acl_1 permit icmp any