Reference Guide
240 Network Security
Configuring IP-based ACEs Using CLI Commands
The following table summarizes the CLI commands for configuring IP-based
ACLs
.
Table 9-5. IP-Based ACE CLI Commands
CLI Command Description
permit protocol {any |source source-
wildcard} {any |destination destination-
wildcard} [dscp number | precedence number]
[time-range time-range-name]
permit icmp {any |source source-wildcard}
{any |destination destination-wildcard}
[any |icmp-type][any |icmp-code]] [dscp
number | precedence number] [time-range
time-range-name]
permit igmp {any |source source-wildcard}
{any |destination destination-
wildcard}[igmp-type] [dscp number |
precedence number] [time-range time-range-
name]
permit tcp {any |source source-wildcard}
{any |sourc
e-port/port-range} {any
|destination destination-wildcard} {any
|destination-port/port-range} [dscp number
| precedence number] [match-all list-of-
flags] [time-range time-range-name]
permit udp {any |source source-wildcard}
{any | source-port/port-range} {any |
destination destination-wildcard} {any |
destination-port/port-range } [dscp number
| precedence number] [time-range time-
range-name]
Sets conditions to
allow a packet to pass
a named IP access list
(in access list
configuration mode).
Each form of this
command is relevant
to a specific protocol
(icmp, igmp, tcp,
udp)