Consolidating Access List Entries With Noncontiguous Ports Into One Access List Entry - Cisco Catalyst 2960 series Configuration Manual

Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches)
Step 5
Command or Action:
[sequence-number] deny tcp source source-wildcard [operator port [port]] destination destination-wildcard [operator [port]] [established {match-any | match-all} {+ | -} flag-name] [precedence precedence] [tos tos] [log] [time-range time-range-name] [fragments]
Example:
Device(config-ext-nacl)# deny tcp any neq 45 565 632
Purpose:
(Optional) Specifies a deny statement in named access list configuration mode.
• Operators include lt (less than), gt (greater than), eq (equal), neq (not equal), and range (inclusive range).
• If the operator is positioned after the source and source-wildcard arguments, it must match the source port. If the operator is positioned after the destination and destination-wildcard arguments, it must match the destination port.
• The range operator requires two port numbers. You can configure up to 10 ports after the eq and neq operators. All other operators require one port number.
• To filter UDP ports, use the UDP syntax of this command.

Step 6
Command or Action:
Repeat Step 4 or Step 5 as necessary, adding statements by sequence number where you planned. Use the no sequence-number command to delete an entry.
Purpose:
Allows you to revise the access list.

Step 7
Command or Action:
end
Example:
Device(config-ext-nacl)# end
Purpose:
(Optional) Exits named access list configuration mode and returns to privileged EXEC mode.

Step 8
Command or Action:
show ip access-lists access-list-name
Example:
Device# show ip access-lists kmd1
Purpose:
(Optional) Displays the contents of the access list.

Consolidating Access List Entries with Noncontiguous Ports into One Access List Entry

Perform this task to consolidate a group of access list entries with noncontiguous ports into one access list entry.
Although this task uses TCP ports, you could use the UDP syntax of the permit and deny commands to filter noncontiguous UDP ports.
Although this task uses a permit command first, use the permit and deny commands in the order that achieves your filtering goals.
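The consolidation this task describes, as an added Python example that is not part of the guide: it parses entries of the form the task uses, enforces the port counts the guide lists for each operator, and merges adjacent entries that differ only in an eq port list, splitting at the 10-port limit. It assumes numeric ports, addresses written as any, host A.B.C.D or A.B.C.D WILDCARD, and no trailing options; only adjacent eq entries are merged, because merging neq lists would change what the ACL matches.

```python
"""Consolidate Cisco IOS extended ACL entries that differ only in one eq port list."""
import re
from typing import List, NamedTuple, Tuple

PORT_LIMIT = {"eq": 10, "neq": 10, "lt": 1, "gt": 1, "range": 2}  # per-operator limits stated in the guide
# Assumed input shape (not from the guide): numeric ports, addresses as any | host A.B.C.D | A.B.C.D WILDCARD, no options.
IP = r"\d+(?:\.\d+){3}"
ADDR = rf"(any|host {IP}|{IP} {IP})"
OPER = r"(?: (lt|gt|eq|neq|range)((?: \d+)+))?"
ACE_RE = re.compile(rf"^(?:\d+ )?(permit|deny) (tcp|udp) {ADDR}{OPER} {ADDR}{OPER}$")


class Ace(NamedTuple):
    action: str; proto: str
    src: str; src_op: str; src_ports: Tuple[int, ...]
    dst: str; dst_op: str; dst_ports: Tuple[int, ...]

    def text(self) -> str:
        side = lambda a, op, ps: a + (f" {op} " + " ".join(map(str, ps)) if op else "")
        return f"{self.action} {self.proto} {side(self.src, self.src_op, self.src_ports)} {side(self.dst, self.dst_op, self.dst_ports)}"


def parse_ace(line: str) -> Ace:
    """Parse one entry, enforcing the port counts each operator accepts."""
    m = ACE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unsupported ACE syntax: {line!r}")
    action, proto, src, sop, sports, dst, dop, dports = m.groups()
    sp, dp = (tuple(int(p) for p in (x or "").split()) for x in (sports, dports))
    for op, ports in ((sop, sp), (dop, dp)):  # range needs exactly 2, eq/neq up to 10, lt/gt 1
        if op and (len(ports) > PORT_LIMIT[op] or (op == "range" and len(ports) != 2)):
            raise ValueError(f"{op} given {len(ports)} port(s): {line!r}")
    return Ace(action, proto, src, sop or "", sp, dst, dop or "", dp)


def _merge_adjacent(aces: List[Ace], attr: str) -> List[Ace]:
    # Merge only runs of consecutive entries (first-match order is preserved) and only
    # eq lists: 'neq 45' OR 'neq 565' matches every port, which is not what 'neq 45 565' means.
    out: List[Ace] = []
    for ace in aces:
        if out and getattr(ace, attr.replace("ports", "op")) == "eq":
            prev = out[-1]
            merged = tuple(dict.fromkeys(getattr(prev, attr) + getattr(ace, attr)))
            if prev._replace(**{attr: ()}) == ace._replace(**{attr: ()}) and len(merged) <= PORT_LIMIT["eq"]:
                out[-1] = prev._replace(**{attr: merged})
                continue
        out.append(ace)
    return out


def consolidate(lines: List[str]) -> List[str]:
    # Destination ports first, then source ports; sequence numbers are dropped (renumber on re-entry).
    aces = _merge_adjacent(_merge_adjacent([parse_ace(l) for l in lines], "dst_ports"), "src_ports")
    return [a.text() for a in aces]
```

Re-enter the returned lines with fresh sequence numbers, then confirm the result with show ip access-lists as in Step 8.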