ACL Commands
125 OL-32830-01 Command Line Interface Reference Guide
4
•
destination-port
—Specifies the UDP/TCP destination port. You can enter a
range of ports by using a hyphen. E.g. 20 - 21. For TCP enter a number or
one of the following values: bgp (179), chargen (19), daytime (13), discard (9),
domain (53), drip (3949), echo (7), finger (79), ftp (21), ftp-data 20), gopher
(70), hostname (42), irc (194), klogin (543), kshell (544), lpd (515), nntp (119),
pop2 (109), pop3 (110), smtp (25), sunrpc (1110, syslog (514), tacacs-ds
(49), talk (517), telnet (23), time (37), uucp (117), whois (43), www (80). For
UDP enter a number or one of the following values: biff (512), bootpc (68),
bootps (67), discard (9), dnsix (90), domain (53), echo (7), mobile-ip (434),
nameserver (42), netbios-dgm (138), netbios-ns (137), non500-isakmp
(4500), ntp (123), rip (520), snmp (161), snmptrap (162), sunrpc (111), syslog
(514), tacacs (49), talk (517), tftp (69), time (37), who (513), xdmcp (177).
(Range: 0–65535)
•
source-port
—Specifies the UDP/TCP source port. Predefined port names
are defined in the destination-port parameter. (Range: 0–65535)
• match-all
list-of-flags
—List of TCP flags that should occur. If a flag should be
set it is prefixed by “+”.If a flag should be unset it is prefixed by “-”. Available
options are +urg, +ack, +psh, +rst, +syn, +fin, -urg, -ack, -psh, -rst, -syn and
-fin. The flags are concatenated to a one string. For example: +fin-ack.
• time-range-name—Name of the time range that applies to this permit
statement. (Range: 1–32)
• disable-port—The Ethernet interface is disabled if the condition is matched.
• log-input—Specifies sending an informational syslog message about the
packet that matches the entry. Because forwarding/dropping is done in
hardware and logging is done in software, if a large number of packets
match an ACE containing a log-input keyword, the software might not be
able to match the hardware processing rate, and not all packets will be
logged.
Default Configuration
No IPv6 access list is defined.
Command Mode
Ipv6 Access-list Configuration mode
User Guidelines
The number of TCP/UDP ranges that can be defined in ACLs is limited. If a range of
ports is used for source port in ACE it is not counted again if it is also used for
To Next Page
Loading...
Need help?
General