Table of Contents
Advertisement
2
51
Default Configuration
No IPv4 access list is defined.
Command Mode
IP Access-list Configuration mode
User Guidelines
If a range of ports is used for source port in an ACE, it is not counted again, if it is
also used for a source port in another ACE. If a range of ports is used for the
destination port in an ACE, it is not counted again if it is also used for destination
port in another ACE.
If a range of ports is used for source port it is counted again if it is also used for
destination port.
If ace-priority is omitted, the system sets the rule's priority to the current highest
priority ACE (in the current ACL) + 20. The ACE-priority must be unique per ACL.If
the user types already existed priority, then the command is rejected.
Example
switchxxxxxx(config)# ip access-list extended server
switchxxxxxx(config-ip-al)# permit ip 176.212.0.0 00.255.255 any
2.3
deny ( IP )
Use the deny IP Access-list Configuration mode command to set deny conditions
for IPv4 access list. Deny conditions are also known as access control entries
(ACEs). Use the no form of the command to remove the access control entry.
Syntax
protocol
| source source-wildcard
deny
{any
destination-wildcard
time-range-name
[time-range
icmp
| source source-wildcard
deny
{any
| icmp-type
[any
] [any
precedence
number
] [time-range
priority
} [ace-priority
] [disable-port
} {any
| icmp-code
]][ace-priority
time-range-name
Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide
| destination
} {any
number |
] [dscp
precedence
|
l og-input ]
| destination destination-wildcard
priority
number |
] [dscp
] [disable-port
ACL Commands
number]
}
|
l og-input ]
Advertisement
Table of Contents
