Reference Guide
Network Security 245
–
Action
— The ACL forwarding action. The following options are
available:
•
Permit
— Forwards packets that meet the ACL criteria.
•
Deny
— Drops packets that meet the ACL criteria.
•
Shutdown
— Drops packet that meet the ACL criteria, and
disables the port to which the packet was addressed.
–
Logging of Dropped Packets
— Check to activate logging of dropped
packets.
Configuring IP-based ACEs Using CLI Commands
The following table summarizes the CLI commands for configuring IP-based
ACLs
.
Table 9-7. IP-Based ACE CLI Commands
CLI Command Description
permit protocol {any | {source-prefix
/length} {any |destination-prefix/length}
[dscp number | precedence number] [time-
range time-range-name]
permit icmp {any | {source-prefix/length}
{any |destination-prefix/length} {any |
icmp-type} {any | icmp-code} [dscp number |
precedence number] [time-range time-range-
name]
permit tcp {any | {source-prefix/length}
{any |source-port/port-range}} {any
|destination prefix/length } {any |
destination-port/port-range} [dscp number
| precedence number] [match-all list-of-
flags] [time-
range ti
me-range-name]
permit udp {any |{source-prefix/length}}
{any | source-port | port-range}} {any |
destination prefix/length} {any |
destination-port/port-range} [dscp number
| precedence number] [time-range time-
range-name]
Sets permit conditions
for IPv6 access list.