Cisco MDS 9124 - Fabric Switch Reference page 636

Cisco MDS 9000 Family Command Reference - Cisco MDS SAN-OS Release 3.0(1) through 3.3(1a) (OL-16217-01, April 2008)

Chapter 11, I Commands (Cisco MDS 9000 Family Command Reference, OL-16217-01, Cisco MDS SAN-OS Release 3.x, page 11-44)
Send documentation comments to mdsfeedback-doc@cisco.com

ip access-list

operator
Compares source or destination ports to the packet and has the following options:
any = Any destination IP
eq = Equal source port
gt = Greater than and including source port
lt = Less than and including source port
range port = Source port range port-value

port port-value
Specifies the decimal number (ranging from 0 to 65535) or one of the following names to indicate a TCP or UDP port.
The TCP port names are: dns, ftp, ftp-data, http, ntp, radius, sftp, smtp, snmp, snmp-trap, ssh, syslog, tacacs-ds, telnet, wbem-http, wbem-https, and www.
The UDP port names are: dns, ftp, ftp-data, http, ntp, radius, sftp, smtp, snmp, snmp-trap, ssh, syslog, tacacs-ds, telnet, tftp, wbem-http, wbem-https, and www.

icmp-type icmp-value
Filters ICMP packets by ICMP message type. The range is 0 to 255. The types include: echo, echo-reply, redirect, time-exceeded, traceroute, and unreachable.

established
Indicates an established connection for the TCP protocol. A match occurs if the TCP datagram has the ACK, FIN, PSH, RST, SYN or URG control bits set. The non-matching case is that of the initial TCP datagram to form a connection.

tos tos-value
Filters packets by the following type of service level: normal-service (0), monetary-cost (1), reliability (2), throughput (4), and delay (8).

log-deny
Sends an information logging message to the console about the packet that is denied entry.

Defaults
Denied.

Command Modes
Configuration mode.

Command History
Release    Modification
1.2(1)     This command was introduced.

Usage Guidelines
Using the log-deny option at the end of the individual ACL entries shows the ACL number and whether the packet was permitted or denied, in addition to port-specific information. This option causes an information logging message about the packet that matches the dropped entry (or entries).

Examples
The following example configures an IP-ACL called aclPermit and permits IP traffic from any source address to any destination address.
switch# config terminal
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# ip access-list aclPermit permit ip any any
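
For reviewing entries built with this command, the Python script below is an added example (not part of the Cisco reference) that audits `ip access-list` lines for three things this page describes: a blanket `permit ip any any`, deny entries that omit `log-deny`, and `port` values outside 0 to 65535 or not in the name list for the protocol. The sample configuration is constructed, the list name mgmtIn is hypothetical, and the entries assume `any any` addresses followed by the `operator port port-value` order shown in the table above.

```python
import re

# Port names copied from the parameter table on this page.
TCP_PORTS = set("dns ftp ftp-data http ntp radius sftp smtp snmp snmp-trap ssh "
                "syslog tacacs-ds telnet wbem-http wbem-https www".split())
UDP_PORTS = TCP_PORTS | {"tftp"}

# Constructed sample input; the list name mgmtIn is hypothetical.
SAMPLE_CONFIG = """\
ip access-list aclPermit permit ip any any
ip access-list mgmtIn permit tcp any any eq port ssh
ip access-list mgmtIn deny tcp any any eq port tftp
ip access-list mgmtIn deny udp any any eq port 70000 log-deny
ip access-list mgmtIn deny ip any any log-deny
"""

ENTRY = re.compile(r"^\s*ip access-list (\S+) (permit|deny) (\S+)\s+(.*)$")

def bad_port(proto, value):
    """True if value is neither 0-65535 nor a name listed for proto."""
    if value.isdigit():
        return int(value) > 65535
    names = {"tcp": TCP_PORTS, "udp": UDP_PORTS}.get(proto, set())
    return value not in names

def audit(config_text):
    """Return (line_no, list_name, finding) for entries worth a review."""
    findings = []
    for no, line in enumerate(config_text.splitlines(), 1):
        m = ENTRY.match(line)
        if not m:
            continue  # not an ip access-list entry
        name, action, proto, rest = m.groups()
        tokens = rest.split()
        if action == "permit" and proto == "ip" and tokens[:2] == ["any", "any"]:
            findings.append((no, name, "permits all IP traffic"))
        if action == "deny" and "log-deny" not in tokens:
            findings.append((no, name, "deny entry without log-deny"))
        for i, tok in enumerate(tokens[:-1]):
            if tok == "port" and bad_port(proto, tokens[i + 1]):
                findings.append((no, name, f"port value {tokens[i + 1]} not valid for {proto}"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```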
