Cisco Sx350 Cli Manual page 61

ACL Commands
Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide
number
precedence ] [match-all
[disable-port | l og-input]
source-prefix
no deny udp {any | {
destination-prefix length
/
precedence number ] [time-range
Parameters
•
protocol —The name or the number of an IP protocol. Available protocol
names are: icmp (58), tcp (6) and udp (17). To match any protocol, use the
ipv6 keyword. (Range: 0–255)
•
source-prefix/length
which to set permit conditions. This argument must be in the format
documented in RFC 3513 where the address is specified in hexadecimal
using 16-bit values between colons.
•
destination-prefix/length
networks about which to set permit conditions. This argument must be in
the format documented in RFC 3513 where the address is specified in
hexadecimal using 16-bit values between colons.
•
priority
- Specify the priority of the access control entry (ACE) in the access
control list (ACL). "1" value represents the highest priority and "2147483647"
number represents the lowest priority.(Range: 1-2147483647)
•
number
dscp —Specifies the DSCP value. (Range: 0–63)
•
number
precedence
•
icmp-type
—Specifies an ICMP message type for filtering ICMP packets.
Enter a number or one of the following values: destination-unreachable (1),
packet-too-big (2), time-exceeded (3), parameter-problem (4), echo-request
(128), echo-reply (129), mld-query (130), mld-report (131), mldv2-report
(143), mld-done (132), router-solicitation (133), router-advertisement (134),
nd-ns (135), nd-na (136). (Range: 0–255)
•
icmp-code
—Specifies an ICMP message code for filtering ICMP packets.
(Range: 0–255)
•
destination-port
range of ports by using a hyphen. E.g. 20 - 21. For TCP enter a number or
one of the following values: bgp (179), chargen (19), daytime (13), discard (9),
domain (53), drip (3949), echo (7), finger (79), ftp (21), ftp-data 20), gopher
(70), hostname (42), irc (194), klogin (543), kshell (544), lpd (515), nntp (119),
pop2 (109), pop3 (110), smtp (25), sunrpc (1110, syslog (514), tacacs-ds
list-of-flags
length
/ }} {any |
destination-port
} {any|
time-range-name
—The source IPv6 network or class of networks about
—The destination IPv6 network or class of
—Specifies the IP precedence value.
—Specifies the UDP/TCP destination port. You can enter a
time-range-name
] [time-range
source-por port-range
t/
port-range
/ } [dscp
] [disable-port |log-input]
2
]
}}{any |
number
|
60