Cisco RJ-45-to-AUX Brochure page 281

  host         A single destination host
  lt           Match only packets with a lower port number
  neq          Match only packets not on a given port number
  range        Match only packets in the range of port numbers
3. Now do the same for the destination address, identifying the destination network 172.15.10.0 with its wildcard mask, and use ? to see the options that follow:

CoriolisRSM1(config)# access-list 199 deny tcp 172.16.10.0 0.0.0.255 172.15.10.0 0.0.0.255 ?
  ack          Match on the ACK bit
  eq           Match only packets on a given port number
  established  Match established connections
  fin          Match on the FIN bit
  gt           Match only packets with a greater port number
  log          Log matches against this entry
  log-input    Log matches against this entry, including input interface
  lt           Match only packets with a lower port number
  neq          Match only packets not on a given port number
  precedence   Match packets with given precedence value
  psh          Match on the PSH bit
  range        Match only packets in the range of port numbers
  rst          Match on the RST bit
  syn          Match on the SYN bit
  tos          Match packets with given TOS value
  urg          Match on the URG bit
4. Now enter eq (equal to) followed by the destination port number. Use a separate statement for each port, because 80, 23, 21 and 20 are not a contiguous range that the range keyword could cover:

CoriolisRSM1(config)# access-list 199 deny tcp 172.16.10.0 0.0.0.255 172.15.10.0 0.0.0.255 eq 80
CoriolisRSM1(config)# access-list 199 deny tcp 172.16.10.0 0.0.0.255 172.15.10.0 0.0.0.255 eq 23
CoriolisRSM1(config)# access-list 199 deny tcp 172.16.10.0 0.0.0.255 172.15.10.0 0.0.0.255 eq 21
CoriolisRSM1(config)# access-list 199 deny tcp 172.16.10.0 0.0.0.255 172.15.10.0 0.0.0.255 eq 20
5. Now we have to identify the addresses to permit, or we will have effectively shut down the interface. Remember that there is an implicit "deny all" at the end of every access list, and that entries are evaluated top to bottom with the first match winning, so the deny statements above must be entered before the permit:

CoriolisRSM1(config)# access-list 199 permit ?
  <0-255>      An IP protocol number
  ahp          Authentication Header Protocol
  eigrp        Cisco's EIGRP routing protocol
  esp          Encapsulation Security Payload
  gre          Cisco's GRE tunneling
  icmp         Internet Control Message Protocol
  igmp         Internet Gateway Message Protocol
  igrp         Cisco's IGRP routing protocol
  ip           Any Internet Protocol
  ipinip       IP in IP tunneling
  nos          KA9Q NOS compatible IP over IP tunneling
  ospf         OSPF routing protocol
  pcp          Payload Compression Protocol
  pim          Protocol Independent Multicast
  tcp          Transmission Control Protocol
  udp          User Datagram Protocol
6. We have to use the ip keyword, which matches all IP protocols. If we used the tcp keyword instead, we would permit only TCP; UDP, ICMP and the routing protocols would fall through to the implicit deny:

CoriolisRSM1(config)# access-list 199 permit ip ?
  A.B.C.D      Source address
  any          Any source host
  host         A single source host

7. Since we want everything else to pass through the interface, we use the any keyword for the source address. You can instead identify a single host by using the host keyword followed by the IP address:
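The access list built in steps 3 through 7, as an added example that is not part of the original walkthrough: a small Python evaluator that parses the access-list 199 lines above and applies IOS first-match semantics with the implicit deny at the end. The closing "permit ip any any" statement is the one step 7 is building toward; the page does not finish it, so that line is an assumption here, as is the swap to "permit tcp any any" used to show the step 6 pitfall. Only the syntax used on this page is parsed (ip/tcp/udp/icmp, any/host/wildcard address specs, and a destination "eq" port). The packets are constructed for the demonstration, not captured traffic.

```python
"""
Evaluate a Cisco IOS extended access list the way the router does:
top to bottom, first match wins, implicit "deny ip any any" at the end.
Covers only the subset of extended ACL syntax used in the walkthrough.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed: the statements typed at CoriolisRSM1(config)# in steps 3-5,
# plus the final "permit ip any any" that step 7 builds toward (assumed).
ACL_199 = """
access-list 199 deny tcp 172.16.10.0 0.0.0.255 172.15.10.0 0.0.0.255 eq 80
access-list 199 deny tcp 172.16.10.0 0.0.0.255 172.15.10.0 0.0.0.255 eq 23
access-list 199 deny tcp 172.16.10.0 0.0.0.255 172.15.10.0 0.0.0.255 eq 21
access-list 199 deny tcp 172.16.10.0 0.0.0.255 172.15.10.0 0.0.0.255 eq 20
access-list 199 permit ip any any
"""

# The step 6 mistake: permitting only tcp instead of ip (assumed variant).
ACL_199_TCP_ONLY = ACL_199.replace("permit ip any any", "permit tcp any any")


@dataclass
class Entry:
    action: str              # "permit" or "deny"
    proto: str               # "ip" matches every IP protocol; else exact match
    src: int                 # source address as a 32-bit integer
    src_wc: int              # source wildcard mask (1 bits = don't care)
    dst: int
    dst_wc: int
    dst_port: Optional[int]  # from "eq N" after the destination, else None


def _addr(tokens):
    """Consume 'any', 'host A.B.C.D', or 'A.B.C.D W.W.W.W'.
    Returns (address, wildcard, number_of_tokens_consumed)."""
    if tokens[0] == "any":
        return 0, 0xFFFFFFFF, 1
    if tokens[0] == "host":
        return int(ipaddress.IPv4Address(tokens[1])), 0, 2
    return (int(ipaddress.IPv4Address(tokens[0])),
            int(ipaddress.IPv4Address(tokens[1])), 2)


def parse_acl(text, number):
    """Parse the access-list <number> statements from config text, in order."""
    entries = []
    for line in text.strip().splitlines():
        t = line.split()
        if t[:2] != ["access-list", str(number)]:
            continue
        action, proto = t[2], t[3]
        src, src_wc, n = _addr(t[4:])
        rest = t[4 + n:]
        dst, dst_wc, n = _addr(rest)
        rest = rest[n:]
        port = int(rest[1]) if rest[:1] == ["eq"] else None
        entries.append(Entry(action, proto, src, src_wc, dst, dst_wc, port))
    return entries


def wildcard_match(addr, net, wc):
    """Compare only the bits where the wildcard mask is 0."""
    care = ~wc & 0xFFFFFFFF
    return (addr & care) == (net & care)


def evaluate(entries, proto, src, dst, dst_port=None):
    """Return (action, index of the matching entry), or ('deny', None)
    when the packet falls through to the implicit deny."""
    s = int(ipaddress.IPv4Address(src))
    d = int(ipaddress.IPv4Address(dst))
    for i, e in enumerate(entries):
        if e.proto != "ip" and e.proto != proto:
            continue
        if not wildcard_match(s, e.src, e.src_wc):
            continue
        if not wildcard_match(d, e.dst, e.dst_wc):
            continue
        if e.dst_port is not None and e.dst_port != dst_port:
            continue
        return e.action, i
    return "deny", None


def demo():
    """Exercise both lists with constructed packets."""
    good = parse_acl(ACL_199, 199)
    tcp_only = parse_acl(ACL_199_TCP_ONLY, 199)
    return {
        "web_blocked": evaluate(good, "tcp", "172.16.10.5", "172.15.10.9", 80),
        "ssh_allowed": evaluate(good, "tcp", "172.16.10.5", "172.15.10.9", 22),
        "ping_allowed": evaluate(good, "icmp", "172.16.10.5", "172.15.10.9"),
        "ping_tcp_only": evaluate(tcp_only, "icmp", "172.16.10.5", "172.15.10.9"),
        "other_dst_web": evaluate(good, "tcp", "172.16.10.5", "10.1.1.1", 80),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The "ping_tcp_only" result is the point of step 6: with "permit tcp any any" as the last line, ICMP from the same hosts matches nothing and is dropped by the implicit deny, even though no statement mentions ICMP at all. The same evaluator also shows why ordering matters; move the permit line to the top and every deny below it becomes dead.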