Specifications

ManualsBrandsCisco ManualsComputer equipmentWAE-7326-K9

741

742

743

744

745

746

747

748

749

750

3-685

Cisco Wide Area Application Services Command Reference

OL-21611-01

Chapter 3 CLI Commands

(config-ext-nacl) permit

To add a line to an extended access list that specifies the type of packets that you want the WAAS device

to accept for further processing, use the permit extended ACL configuration command. To add a

condition to the extended ACL, note that the options depend on the chosen protocol.

For IP, use the following syntax to add a condition:

[insert line-num] permit {gre | icmp | tcp | udp | ip | proto-num} {source-ip [wildcard] |

host source-ip | any} {dest-ip [wildcard] | host dest-ip | any}

no permit {gre | icmp | tcp | udp | ip | proto-num} {source-ip [wildcard] | host source-ip | any}

{dest-ip [wildcard] | host dest-ip | any}

For TCP, use the following syntax to add a condition:

[insert line-num]

permit tcp {source-ip [wildcard] | host source-ip | any} [operator port [port]]

{dest-ip [wildcard] | host dest-ip | any} [operator port [port]] [established]

no permit tcp {source-ip [wildcard] | host source-ip | any} [operator port [port]]

{dest-ip [wildcard] | host dest-ip | any} [operator port [port]] [established]

For UDP, use the following syntax to add a condition:

[insert line-num] permit udp {source-ip [wildcard]

| host source-ip | any} [operator port [port]]

{dest-ip [wildcard] | host dest-ip | any} [operator port [port]]

no permit udp {source-ip [wildcard] | host source-ip | any} [operator port [port]]

{dest-ip [wildcard] | host dest-ip | any} [operator port [port]]

For ICMP, use the following syntax to add a condition:

[insert line-num] permit icmp {source-ip [wildcard] | host source-ip | any} {dest-ip [

wildcard] |

host dest-ip | any} [icmp-type [code] | icmp-msg]

no permit icmp {source-ip [wildcard] | host source-ip | any} {dest-ip [wildcard] | host dest-ip |

any} [icmp-type [code] | icmp-msg]

Syntax Description insert line-num (Optional) Specifies to insert the conditions following the specified line

number into the access list.

gre Specifies to match packets using the Generic Routing Encapsulation

protocol.

icmp Specifies to match ICMP packets.

tcp Specifies to match packets using the TCP protocol.

udp Specifies to match packets using the UDP protocol.

ip Specifies to match all IP packets.

proto-num IP protocol number.

source-ip Source IP address. The number of the network or host from which the

packet is being sent, specified as a 32-bit quantity in 4-part dotted-decimal

format (for example, 0.0.0.0).