ACCESS-LIST 12 - 7
Usage Guidelines
Use this command to deny traffic between networks/hosts based on the protocol type selected in the access list
configuration. The following protocols are supported:
• ip
• icmp
• tcp
• udp
• proto
The last ACE in the access list is an implicit deny statement.
Whenever the interface receives a packet, its contents are checked against the ACEs in the ACL, and the packet is permitted or denied based on the ACL configuration.
• Filtering TCP/UDP allows the user to specify port numbers as filtering criteria
• Select ICMP as the protocol to allow/deny ICMP packets. Selecting ICMP provides the option of filtering ICMP
[<0-254>|<WORD>|eigrp|gre|igmp|igp|ospf|vrrp] [<source-IP/Mask>|any|host <IP>] [<dest-IP/Mask>|any|host <IP>] {log} {rule-description <WORD>|rule-precedence <1-5000>}
Use with the deny command to deny any protocol other than TCP, UDP or ICMP.
• <0-254> – Specifies the protocol by its IP protocol number
• <WORD> – Refers to any protocol name
• eigrp – EIGRP, protocol number 88
• gre – GRE, protocol number 47
• igmp – IGMP, protocol number 2
• igp – IGP, protocol number 9
• ospf – OSPF, protocol number 89
• vrrp – VRRP, protocol number 112
• <source-IP/Mask>|any|host <IP> – The source is the source IP address of the network or host (in dotted decimal format). The source-mask is the network mask. For example, 10.1.1.10/24 indicates that only the first 24 bits of the source IP are used for matching, so the entry applies to the whole 10.1.1.0/24 network rather than to the single host
• any – any is an abbreviation for a source IP of 0.0.0.0 with source-mask bits equal to 0 (every address matches)
• host – host is an abbreviation for an exact source address (A.B.C.D) with source-mask bits equal to 32 (only that one address matches)
• <dest-IP/mask>|any|host <IP> – Defines the destination host IP address or destination network address, using the same notation as the source
• log – Generates a log message when a packet arriving on the interface matches this ACL entry. Log messages are generated only for router ACLs
• rule-precedence <1-5000> – Defines an integer value between 1 and 5000. This value sets the rule's precedence (evaluation order) within the ACL
• rule-description <WORD> – Defines the access-list entry name
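The following Python model, added here as an illustration and not code from the manual or the device, ties together the matching rules described above: protocol selection by name or number, the source/mask, any and host address notation, ordered evaluation by rule-precedence, the log keyword, and the implicit deny that closes every access list. The one-line ACE text format it parses, the default precedence for entries that omit rule-precedence, and lower-value-first ordering are assumptions made for the example; the sample access list and packets are constructed.

```python
import ipaddress
from dataclasses import dataclass

# IP protocol numbers for the names the command accepts: ip/tcp/udp/icmp
# are its own keywords, the rest are the proto-variant names and numbers
# listed in the reference.
PROTOCOL_NUMBERS = {"icmp": 1, "igmp": 2, "tcp": 6, "igp": 9, "udp": 17,
                    "gre": 47, "eigrp": 88, "ospf": 89, "vrrp": 112}


@dataclass
class ACE:
    """One access-control entry, modelled on the command's parameters."""
    action: str            # "permit" or "deny"
    protocol: str          # "ip", a protocol name, or a number 0-254 as text
    source: str            # "any", "host A.B.C.D" or "A.B.C.D/len"
    dest: str
    precedence: int        # rule-precedence <1-5000>
    log: bool = False      # the log keyword
    description: str = ""  # rule-description <WORD>


def parse_address(spec):
    """Map the command's address notation onto the network it matches."""
    spec = spec.strip()
    if spec == "any":                     # 0.0.0.0 with a 0-bit mask
        return ipaddress.ip_network("0.0.0.0/0")
    if spec.startswith("host "):          # exact address, 32-bit mask
        return ipaddress.ip_network(spec[5:].strip() + "/32")
    # "10.1.1.10/24": only the first 24 bits are compared, so the host
    # bits are discarded and the entry matches 10.1.1.0/24.
    return ipaddress.ip_network(spec, strict=False)


def parse_ace(line):
    """Parse a constructed one-line ACE (assumed format, not the CLI's):
    <permit|deny> <protocol> <source> <dest> [log]
    [rule-description WORD] [rule-precedence N]"""
    tokens = line.split()
    action, protocol = tokens[0], tokens[1]
    if action not in ("permit", "deny"):
        raise ValueError(f"unknown action {action!r}")
    if protocol != "ip" and protocol not in PROTOCOL_NUMBERS and not (
            protocol.isdigit() and 0 <= int(protocol) <= 254):
        raise ValueError(f"unknown protocol {protocol!r}")
    pos = 2

    def take_address():
        nonlocal pos
        if tokens[pos] == "host":         # "host A.B.C.D" is two tokens
            spec, pos = f"host {tokens[pos + 1]}", pos + 2
        else:
            spec, pos = tokens[pos], pos + 1
        return spec

    source, dest = take_address(), take_address()
    log, description, precedence = False, "", 5000   # 5000 = evaluated last (assumption)
    while pos < len(tokens):
        if tokens[pos] == "log":
            log, pos = True, pos + 1
        elif tokens[pos] == "rule-description":
            description, pos = tokens[pos + 1], pos + 2
        elif tokens[pos] == "rule-precedence":
            precedence, pos = int(tokens[pos + 1]), pos + 2
            if not 1 <= precedence <= 5000:
                raise ValueError("rule-precedence must be 1-5000")
        else:
            raise ValueError(f"unexpected token {tokens[pos]!r}")
    return ACE(action, protocol, source, dest, precedence, log, description)


def protocol_matches(ace_protocol, packet_protocol):
    """'ip' matches every protocol; a name or number must match exactly."""
    if ace_protocol == "ip":
        return True
    if ace_protocol.isdigit():
        return int(ace_protocol) == packet_protocol
    return PROTOCOL_NUMBERS[ace_protocol] == packet_protocol


def evaluate(acl, packet, log_sink=None):
    """Check a packet (dict: proto number, src, dst) against the ACEs in
    precedence order and return the action of the first match; a packet
    that matches nothing hits the implicit deny at the end of the list."""
    src, dst = ipaddress.ip_address(packet["src"]), ipaddress.ip_address(packet["dst"])
    for ace in sorted(acl, key=lambda a: a.precedence):   # lower value first (assumption)
        if not protocol_matches(ace.protocol, packet["proto"]):
            continue
        if src not in parse_address(ace.source) or dst not in parse_address(ace.dest):
            continue
        if ace.log and log_sink is not None:   # log fires only on a matching entry
            log_sink.append(f"{ace.action} {ace.protocol} {src}->{dst} "
                            f"rule={ace.description or ace.precedence}")
        return ace.action
    return "deny"   # implicit deny: the last ACE in every access list


# Constructed sample access list (not from the reference).
SAMPLE_ACL_LINES = [
    "permit icmp any any rule-precedence 30",
    "deny gre any any log rule-description block-gre rule-precedence 10",
    "permit tcp 10.1.1.10/24 host 192.0.2.5 rule-precedence 20",
]
SAMPLE_ACL = [parse_ace(line) for line in SAMPLE_ACL_LINES]
```

Calling `evaluate(SAMPLE_ACL, {"proto": 6, "src": "10.1.1.77", "dst": "192.0.2.5"})` returns "permit" because the /24 entry is matched on its network bits, while the same packet from 10.1.2.77 falls through every entry to the implicit deny; a GRE packet (protocol 47) is denied by the precedence-10 entry and, because that entry carries log, produces one log line. Note that 10.1.1.10/24 in an entry matches the whole 10.1.1.0/24 network, a common source of over-broad rules when a /32 host match was intended.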