Cisco MDS 9000 series Command Reference Manual page 599
Hide thumbs
Also See for MDS 9000 series:
- Configuration manual (344 pages) ,
- Troubleshooting manual (161 pages) ,
- Hardware installation manual (60 pages)
Table of Contents
Advertisement
Chapter 11
I Commands
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m
operator
port port-value
icmp-type icmp-value
established
tos tos-value
log-deny
Defaults
Denied.
Command Modes
Configuration mode.
Command History
Release
1.2(1)
Usage Guidelines
Using the log-deny option at the end of the individual ACL entries shows the ACL number and whether
the packet was permitted or denied, in addition to port-specific information. This option causes an
information logging message about the packet that matches the dropped entry (or entries).
Examples
The following example configures the an IP-ACL called aclPermit and permits IP traffic from any source
address to any destination address.
switch# config terminal
Enter configuration commands, one per line.
switch(config)# ip access-list aclPermit permit ip any any
OL-8413-07, Cisco MDS SAN-OS Release 3.x
Compares source or destination ports to the packet and has the following
options:
any = Any destination IP
eq = Equal source port
gt = Greater than and including source port
lt = Less than and including source port
range port = Source port range port-value
Specifies the decimal number (ranging from 0 to 65535) or one of the
following names to indicate a TCP or UDP port.
The TCP port names are: dns, ftp, ftp-data, http, ntp, radius, sftp, smtp, snmp,
snmp-trap, ssh, syslog, tacacs-ds, telnet, wbem-http, wbem-https, and www.
The UDP port names are: dns, ftp, ftp-data, http, ntp, radius, sftp, smtp,
snmp, snmp-trap, ssh, syslog, tacacs-ds, telnet, tftp, wbem-http, wbem-https,
and www.
Filters ICMP packets by ICMP message type. The range is 0 to 255. The
types include: echo, echo-reply, redirect, time-exceeded, traceroute, and
unreachable.
Indicates an established connection for the TCP protocol. A match occurs if
the TCP datagram has the ACK, FIN, PSH, RST, SYN or URG control bits
set. The non-matching case is that of the initial TCP datagram to form a
connection.
Filters packets by the following type of service level: normal-service (0),
monetary-cost (1), reliability (2), throughput (4), and delay (8).
Sends an information logging message to the console about the packet that is
denied entry.
Modification
This command was introduced.
End with CNTL/Z.
Cisco MDS 9000 Family Command Reference
ip access-list
11-41
Advertisement
Table of Contents
