CLI Reference Guide
ACL Commands
access-list
Use the access-list command in Global Configuration mode to create an Access Control List (ACL) that is identified by the parameter list-name.
Syntax
access-list std-list-num {deny | permit} {srcip srcmask | every} [log] [assign-queue queue-id] [redirect interface | mirror interface]
access-list ext-list-num {deny | permit} {every | {[icmp | igmp | ip | tcp | udp | number] {srcip srcmask | any} [eq [portkey | portvalue]] {dstip dstmask | any} [eq [portkey | portvalue]] [precedence precedence | tos tos tosmask | dscp dscp] [log] [assign-queue queue-id] [redirect interface | mirror interface]}}
no access-list list-name
• list-name—Access-list name up to 31 characters in length.
• deny | permit—Specifies whether the IP ACL rule permits or denies an action.
• every—Allows all protocols.
• eq—Equal. Refers to the Layer 4 port number being used as match criteria. The first reference is source match criteria, the second is destination match criteria.
• number—Standard protocol number. Protocol keywords icmp, igmp, ip, tcp, udp.
• srcip—Source IP address.
• srcmask—Source IP mask.
• dstip—Destination IP address.
• dstmask—Destination IP mask.
• portvalue—The source layer 4 port match condition for the ACL rule is specified by the port value parameter (Range: 0 - 65535).
• portkey—Or you can specify the portkey, which can be one of the following keywords: domain, echo, ftp, ftpdata, http, smtp, snmp, telnet, tftp, and www.
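
An added example, not part of the guide: a small Python parser that checks an extended access-list line against the syntax, portkey keywords and port range listed above, so rules can be linted before they are applied to a switch. The function names and the sample rule (list number 101 and its addresses) are constructed for illustration; trailing options such as log or assign-queue are collected unparsed, and this helper requires a value after eq.

```python
import ipaddress

PROTOCOLS = {"icmp", "igmp", "ip", "tcp", "udp"}  # keywords from the syntax above
PORTKEYS = {"domain", "echo", "ftp", "ftpdata", "http", "smtp", "snmp",
            "telnet", "tftp", "www"}
# Constructed sample rule; the list number and addresses are illustrative only.
SAMPLE = "access-list 101 permit tcp 10.0.0.0 0.0.0.255 any eq http log"

def _addr(tok):
    """Consume '{ip mask | any}' and return ('ip', 'mask') or 'any'."""
    if tok and tok[0] == "any":
        tok.pop(0)
        return "any"
    if len(tok) < 2:
        raise ValueError("expected 'ip mask' or 'any'")
    ip, mask = tok.pop(0), tok.pop(0)
    ipaddress.IPv4Address(ip)      # raises ValueError on a malformed address
    ipaddress.IPv4Address(mask)
    return (ip, mask)

def _port(tok):
    """Consume an optional 'eq {portkey | portvalue}'; None when absent."""
    if not tok or tok[0] != "eq":
        return None
    tok.pop(0)
    if not tok:
        raise ValueError("eq needs a port")
    val = tok.pop(0)
    if val in PORTKEYS:
        return val
    if val.isdigit() and 0 <= int(val) <= 65535:   # range given for portvalue
        return int(val)
    raise ValueError(f"bad port {val!r}")

def parse_ext_rule(line):
    """Parse one extended 'access-list' line into a dict, or raise ValueError."""
    tok = line.split()
    if len(tok) < 4 or tok[0] != "access-list" or tok[2] not in ("deny", "permit"):
        raise ValueError("expected 'access-list <num> {deny|permit} ...'")
    rule = {"list": tok[1], "action": tok[2]}
    tok = tok[3:]
    if tok[0] == "every":
        return {**rule, "match": "every", "options": tok[1:]}
    if tok[0] in PROTOCOLS or tok[0].isdigit():    # keyword or protocol number
        rule["protocol"] = tok.pop(0)
    rule["src"], rule["sport"] = _addr(tok), _port(tok)
    rule["dst"], rule["dport"] = _addr(tok), _port(tok)
    rule["options"] = tok          # precedence/tos/dscp/log/... left unparsed
    return rule
```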