Reference Guide
Access Control Lists (ACL) | 225
But an ACL rule with TCP port lt 1023 takes only one entry in the CAM:

Rule#  Data              Mask              From  To    #Covered
1      0000000000000000  1111110000000000  0     1023  1024
Total Ports: 1024

Related Commands
deny        Assign a deny filter for IP traffic.
deny tcp    Assign a deny filter for TCP traffic.

ip access-list extended
c e s
Name (or select) an extended IP access list (IP ACL) based on IP addresses or protocols.

Syntax
ip access-list extended access-list-name
To delete an access list, use the no ip access-list extended access-list-name command.

Parameters
access-list-name    Enter a string up to 140 characters long as the access list name.

Defaults
All access lists contain an implicit “deny any”; that is, if no match occurs, the packet is dropped.

Command Modes
CONFIGURATION

Command History
Version 8.1.1.0        Introduced on E-Series ExaScale
Version 7.8.1.0        Increased name string to accept up to 140 characters. Prior to 7.8.1.0, names are up to 16 characters long.
Version 7.6.1.0        Support added for S-Series
Version 7.5.1.0        Support added for C-Series
pre-Version 6.2.1.1    Introduced on E-Series

Usage Information
The number of entries allowed per ACL is hardware-dependent. Refer to your line card documentation for detailed specification on entries allowed per ACL.
Prior to 7.8.1.0, names are up to 16 characters long.

Example
Figure 9-5. Command Example: ip access-list extended
Force10(conf)#ip access-list extended TESTListEXTEND
Force10(config-ext-nacl)#

Related Commands
ip access-list standard    Configure a standard IP access list.
show config                Display the current configuration.
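
The one-entry result in the CAM table earlier on this page can be reproduced by splitting a port range into aligned power-of-two blocks, each of which fits one data/mask pair. This is an added example, not code from the FTOS documentation, and it goes beyond the single case shown to any 16-bit port range. It assumes the standard range-to-prefix expansion (the page does not document the allocator FTOS uses); the function names and the 4000-8000 range are constructed for illustration.

```python
"""Estimate CAM entries for a TCP/UDP port range (added example)."""

PORT_BITS = 16  # width of the TCP/UDP port field


def range_to_cam_entries(lo, hi, width=PORT_BITS):
    """Split [lo, hi] into aligned power-of-two blocks, one data/mask pair each.

    Assumption: standard range-to-prefix expansion; the page does not
    document the exact allocator FTOS uses.
    """
    if not 0 <= lo <= hi < (1 << width):
        raise ValueError("port range out of bounds")
    full = (1 << width) - 1
    entries = []
    while lo <= hi:
        # Largest block that can start at lo is limited by lo's alignment ...
        size = (lo & -lo) if lo else (1 << width)
        # ... and by how many ports are left in the range.
        while size > hi - lo + 1:
            size >>= 1
        mask = full & ~(size - 1)  # 1 = bit must match, 0 = don't care
        entries.append({"data": lo, "mask": mask,
                        "from": lo, "to": lo + size - 1, "covered": size})
        lo += size
    return entries


def format_table(entries, width=PORT_BITS):
    """Render entries with the same columns as the table on this page."""
    lines = ["Rule# Data Mask From To #Covered"]
    for n, e in enumerate(entries, 1):
        lines.append(f"{n} {e['data']:0{width}b} {e['mask']:0{width}b} "
                     f"{e['from']} {e['to']} {e['covered']}")
    lines.append(f"Total Ports: {sum(e['covered'] for e in entries)}")
    return "\n".join(lines)


if __name__ == "__main__":
    # Range from the page's table: a single entry.
    print(format_table(range_to_cam_entries(0, 1023)))
    # Constructed, unaligned range: needs several entries.
    print(format_table(range_to_cam_entries(4000, 8000)))
```

Because the number of entries allowed per ACL is hardware-dependent, running planned rules through an estimate like this before deployment shows which port ranges are expensive in CAM.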










