Quick Reference Guide

ACL Commands 107
DELL CONFIDENTIAL – PRELIMINARY 5/15/12 – FOR PROOF ONLY
icmp-code — Specifies an ICMP message code for filtering ICMP packets. (Range: 0 - 255)
igmp-type — Specifies IGMP packets filtered by IGMP message type. Enter a number or one of the following values: host-query, host-report, dvmrp, pim, cisco-trace, host-report-v2, host-leave-v2, host-report-v3. (Range: 0 - 255)
destination-port — Specifies the UDP/TCP destination port. (Range: 1 - 65535)
destination-port-wildcard — Specifies wildcard bits to be applied to the destination port by placing 1s in bit positions to be ignored.
source-port — Specifies the UDP/TCP source port. (Range: 1 - 65535)
source-port-wildcard — Specifies wildcard bits to be applied to the source port by placing 1s in bit positions to be ignored.
flags list-of-flags — Specifies the list of TCP flags. If a flag should be set, it is prefixed by "+". If a flag is not set, it is prefixed by "-". Available options are +urg, +ack, +psh, +rst, +syn, +fin, -urg, -ack, -psh, -rst, -syn and -fin. The flags are concatenated into one string. For example: +fin-ack.
Default Configuration
No IPv4 access list is defined.
Command Mode
IP-Access List Configuration mode.
User Guidelines
• Use the ip access-list Global Configuration mode command to enable the IP-Access List Configuration mode.
Before an Access Control Element (ACE) is added to an ACL, all packets are permitted. After an ACE is added, an implied deny-any-any condition exists at the end of the list and those packets that do not match the defined conditions are denied.
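The wildcard-bit, flag-list and implied deny-any-any rules described above can be checked with a small model. This is an added Python example, not code from the guide or the switch firmware; the dictionary field names, the sample ACL and packets, and the first-match evaluation order are assumptions made for illustration, and only source address, destination port and TCP flags are modelled.

```python
import ipaddress
import re

# TCP header flag bit values
FLAG_BITS = {"fin": 0x01, "syn": 0x02, "rst": 0x04, "psh": 0x08, "ack": 0x10, "urg": 0x20}

def ip_int(text):
    return int(ipaddress.IPv4Address(text))

def wildcard_match(value, pattern, wildcard):
    """Compare only the bit positions where the wildcard holds 0; 1s are ignored."""
    return ((value ^ pattern) & ~wildcard) == 0

def parse_flags(spec):
    """Split a concatenated list such as '+fin-ack' into (must_set, must_clear) masks."""
    tokens = re.findall(r"([+-])(urg|ack|psh|rst|syn|fin)", spec)
    if "".join(sign + name for sign, name in tokens) != spec:
        raise ValueError(f"invalid flag list: {spec!r}")
    must_set = must_clear = 0
    for sign, name in tokens:
        if sign == "+":
            must_set |= FLAG_BITS[name]
        else:
            must_clear |= FLAG_BITS[name]
    return must_set, must_clear

def ace_matches(ace, pkt):
    """True if the packet satisfies every condition the ACE defines."""
    if not wildcard_match(ip_int(pkt["src"]), ip_int(ace["src"]), ip_int(ace["src_wc"])):
        return False
    if "dport" in ace and not wildcard_match(pkt["dport"], ace["dport"], ace.get("dport_wc", 0)):
        return False
    must_set, must_clear = parse_flags(ace.get("flags", ""))
    return (pkt["flags"] & must_set) == must_set and (pkt["flags"] & must_clear) == 0

def evaluate(acl, pkt):
    """Return 'permit' or 'deny' for one packet."""
    if not acl:
        return "permit"      # no ACE yet: all packets are permitted
    for ace in acl:          # assumption: the first matching ACE decides
        if ace_matches(ace, pkt):
            return ace["action"]
    return "deny"            # implied deny-any-any at the end of the list

# Constructed sample ACL (not from the guide): port wildcard 0x000F covers 8080-8095
ACL = [
    {"action": "deny", "src": "192.1.1.1", "src_wc": "0.0.0.255", "dport": 8080, "dport_wc": 0x000F, "flags": "+syn-ack"},
    {"action": "permit", "src": "192.1.1.1", "src_wc": "0.0.0.255"},
]
```

A packet from 192.1.2.5 matches neither ACE and is denied by the implied rule, which is the case most often missed when a list ends in a narrow permit.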
Example
The following example shows how to define a permit statement for an IP ACL.
Console(config)# ip access-list ip-acl1
Console(config-ip-al)# deny rsvp 192.1.1.1 0.0.0.255 any

mac access-list
The mac access-list Global Configuration mode command creates Layer 2 ACLs. Use the no form of this command to delete an ACL.