CLI Guide
particularly useful when looking for malicious traffic. It is available for Layer 2 and
Layer 3 ingress and egress traffic. You may specify traffic using standard or
extended access-lists. This mechanism copies all incoming or outgoing packets on
one port and forwards (mirrors) them to another port. The source port is the
monitored port (MD) and the destination port is the monitoring port (MG).
Related
Commands
deny — Configures a filter to drop packets.
permit — Configures a filter to forward packets.
permit udp
To pass UDP packets meeting the filter criteria, configure a filter.
Syntax
permit udp {source mask | any | host ip-address} [operator port
[port]] {destination mask | any | host ip-address} [dscp]
[operator port [port]] [count [byte]] [order] [fragments]
[threshold-in-msgs [count]]
To remove this filter, you have two choices:
• Use the no seq sequence-number command if you know the filter’s
sequence number.
• Use the no permit udp {source mask | any | host ip-address}
{destination mask | any | host ip-address command.
Parameters
source Enter the IP address of the network or host from which the
packets were sent.
mask Enter a network mask in /prefix format (/x) or A.B.C.D. The
mask, when specified in A.B.C.D format, may be either
contiguous or non-contiguous.
any Enter the keyword any to specify that all routes are subject
to the filter.
host ip-address Enter the keyword host and then enter the IP address to
specify a host IP address.
dscp Enter the keyword dscp to deny a packet based on the
DSCP value. The range is from 0 to 63.
operator (OPTIONAL) Enter one of the following logical operand:
• eq = equal to
• neq = not equal to
• gt = greater than
• lt = less than
296
Access Control Lists (ACL)