Table of Contents
Advertisement
Parameters
: Specifies a rule ID in the range of 0 to 65534. If you do not specify a rule ID when creating
rule-id
an ACL rule, the system automatically assigns it a rule ID. This rule ID is the nearest higher multiple
of the numbering step to the current highest rule ID, starting from the start rule ID. For example, if the
rule numbering step is 5 and the current highest rule ID is 28, the rule is numbered 30.
: Denies matching packets.
deny
: Allows matching packets to pass.
permit
: Specifies one of the following values:
protocol
•
A protocol number in the range of 0 to 255.
•
A protocol by its name: gre (47), icmp (1), igmp (2), ip, ipinip (4), ospf (89), tcp (6), or udp
(17). The
Table 2
describes the parameters that you can specify regardless of the value for the
argument.
Table 2 Match criteria and other rule information for IPv4 advanced ACL rules
Parameters
source
source-address
{
source-wildcard
destination
{ dest-address
dest-wildcard | any }
counting
precedence precedence
tos tos
dscp dscp
keyword specifies all protocols.
ip
Function
Specifies a source
address.
any
|
}
Specifies a destination
address.
Enables rule match
counting in software.
Specifies an IP
precedence value.
Specifies a ToS
preference.
Specifies a DSCP
priority.
Description
source-address
The
source-wildcard
source IP address and a wildcard mask in
dotted decimal notation. An all-zero wildcard
represents a host address.
any
The
address.
dest-address
The
dest-wildcard
destination IP address and a wildcard mask
in dotted decimal notation. An all-zero
wildcard mask represents a host address.
any
The
destination IP address.
counting
The
counting specific to rules, and the
hardware-count
packet-filter
match counting in hardware for all rules in an
ACL. If the
specified, matches for the rule are not
counted in software.
precedence
The
number in the range of 0 to 7, or in words:
routine (0), priority (1), immediate (2),
flash (3), flash-override (4), critical (5),
internet (6), or network (7).
tos
The
range of 0 to 15, or in words: max-reliability
(2), max-throughput (4), min-delay (8),
min-monetary-cost (1), or normal (0).
dscp
The
range of 0 to 63, or in words: af11 (10), af12
(12), af13 (14), af21 (18), af22 (20), af23
(22), af31 (26), af32 (28), af33 (30), af41
8
protocol
arguments specify a
keyword specifies any source IP
arguments specify a
keyword represents any
keyword enables match
keyword in the
command enables
counting
keyword is not
argument can be a
argument can be a number in the
argument can be a number in the
Advertisement
Chapters
Table of Contents
