ACL Commands
78-21075-01 Command Line Interface Reference Guide
48.2
permit ( IP )
Use the permit IP Access-list Configuration mode command to set permit
conditions for an IPv4 access list (ACL). Permit conditions are also known as
access control entries (ACEs).
Syntax
protocol {any | source source-wildcard} {any | destination
permit
destination-wildcard} [dscp number | precedence number] [
time-range-name]
icmp {any | source source-wildcard} {any | destination destination-wildcard}
permit
[any | icmp-type] [any | icmp-code]] [dscp number | precedence number]
[
time-range-name]
time-range
igmp {any | source source-wildcard} {any | destination
permit
destination-wildcard}[igmp-type] [dscp number | precedence number]
time-range-name]
permit tcp
{any | source source-wildcard} {any| s ource-port/port-range}{any |
destination destination-wildcard} {any| d estination-port/port-range} [dscp number |
precedence number] [match-all list-of-flags] [
{any | source source-wildcard} {any| s ource-port/port-range} {any |
permit udp
destination destination-wildcard} {any| d estination-port/port-range} [dscp number |
precedence number [
Parameters
•
protocol
permit
protocol names are: icmp, igmp, ip, tcp, egp, igp, udp, hmp, rdp, idpr, ipv6,
ipv6:rout, ipv6:frag, idrp, rsvp, gre, esp, ah, ipv6:icmp, eigrp, ospf, ipinip, pim,
l2tp, isis. To match any protocol, use the ip keyword.(Range: 0–255)
•
source—Source IP address of the packet.
•
source-wildcard—Wildcard bits to be applied to the source IP address. Use
ones in the bit position that you want to be ignored.
•
destination—Destination IP address of the packet.
•
destination-wildcard—Wildcard bits to be applied to the destination IP
address. Use ones in the bit position that you want to be ignored.
•
number
dscp
—Specifies the DSCP value.
•
number
precedence
time-range-name]
time-range
—The name or the number of an IP protocol. Available
—Specifies the IP precedence value.
time-range
time-range-name]
time-range
48
time-range
771