•
source-port—Specifies the UDP/TCP source port. Use any for all ports.
•
dscp—Matches dscp number with the packet DSCP value.
•
precedence—Matches ip-precedence with the packet ip-precedence value.
Default Configuration
This command has no default configuration.
Command Mode
IP access-list Configuration mode
User Guidelines
When an access control entry (ACE) is added to an access control list, an implied deny-any-
any condition exists at the end of the list. If there are no matches, the packets are denied.
However, before the first ACE is added, the list permits all packets.
NOTE:
Using "any" specifies that all IP protocols are denied. The deny "any" does not imply that other
protocols running over IP (for example, TCP, UDP, etc.) are "denied".
Example
The following example configures an ACL called "Dell" to deny any IP traffic to address 192.1.1.10
and mask 0.0.0.255.
Console (config)# ip access-list Dell
Console (config-ip-al)# deny any 192.1.1.10 0.0.0.255 any
mac access-list
The mac access-list global configuration command creates Layer 2 MAC ACLs, and enters to
MAC-Access list configuration mode. To delete a MAC ACL use the no form of this command.
Syntax
mac access-list name
no mac access-list name
•
name—Enter the MAC ACL name consisting of a character string up to 32 characters
long.
Default Configuration
The default for all ACLs is deny.
Command Mode
Global Configuration mode
80
ACL Commands