15.1.2.3 Example - Denying UDP Based Traffic
The following example denies UDP traffic with a source port in the range 20 to 23 (from
the source subnet to the destination subnet):
RFSwitch(config-ext-nacl)#deny udp range 20 23 192.168.1.0/24 192.168.2.0/24
RFSwitch(config-ext-nacl)#permit ip any any
RFSwitch(config-ext-nacl)#
15.1.2.4 Example - Denying ICMP Based Traffic
The following example denies ICMP traffic from any source to any destination. The
keyword any is used to match any source or destination IP address.
RFSwitch(config-ext-nacl)#deny icmp any any
RFSwitch(config-ext-nacl)#permit ip any any
RFSwitch(config-ext-nacl)#end
15.1.2.5 Example - Denying Protocol Based ACL
With the inclusion of protocol-based ACLs, it is possible to permit or deny any of the
protocols that exist.
RFSwitch(config-ext-nacl)#deny proto ospf any any rule-precedence 10
RFSwitch(config-ext-nacl)#deny proto eigrp any any rule-precedence 20
RFSwitch(config-ext-nacl)#permit ip any any rule-precedence 30
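An offline model of the rules in 15.1.2.3 and 15.1.2.5, added here as an illustration and not taken from the switch documentation or firmware. It assumes rules are tested in ascending rule-precedence with the first match deciding; the function names, the precedence values 1 and 2 given to the UDP example, and the test packets are constructed.

```python
# Added illustration: offline model of the ACL examples above (not vendor code).
# Assumption: rules are tested in ascending rule-precedence, first match wins.
from ipaddress import ip_address, ip_network

PROTO = {"icmp": 1, "udp": 17, "eigrp": 88, "ospf": 89}  # IANA protocol numbers

def rule(action, proto, src="any", dst="any", sport=None, precedence=0):
    """Build one rule; proto 'ip' matches every protocol, sport is (low, high)."""
    return {"action": action, "proto": proto, "src": src, "dst": dst,
            "sport": sport, "precedence": precedence}

def _addr_ok(spec, addr):
    """True when addr falls inside spec, where spec is 'any' or a CIDR subnet."""
    return spec == "any" or ip_address(addr) in ip_network(spec)

def evaluate(acl, proto, src, dst, sport=None):
    """Return (action, precedence) of the first matching rule, or None."""
    for r in sorted(acl, key=lambda r: r["precedence"]):
        if r["proto"] != "ip" and PROTO[r["proto"]] != proto:
            continue
        if not (_addr_ok(r["src"], src) and _addr_ok(r["dst"], dst)):
            continue
        if r["sport"] is not None:
            # A source-port range only matches packets that carry a port in it.
            if sport is None or not r["sport"][0] <= sport <= r["sport"][1]:
                continue
        return r["action"], r["precedence"]
    return None  # no rule matched; the device's default action is not modelled

# 15.1.2.3: deny UDP source ports 20-23 between the two subnets.
# Precedence 1 and 2 are assigned here in entry order (assumption).
UDP_ACL = [
    rule("deny", "udp", "192.168.1.0/24", "192.168.2.0/24", (20, 23), 1),
    rule("permit", "ip", precedence=2),
]
# 15.1.2.5: deny OSPF and EIGRP, permit everything else.
PROTO_ACL = [
    rule("deny", "ospf", precedence=10),
    rule("deny", "eigrp", precedence=20),
    rule("permit", "ip", precedence=30),
]

if __name__ == "__main__":
    # Constructed packets: (protocol number, source, destination, source port)
    print(evaluate(UDP_ACL, 17, "192.168.1.5", "192.168.2.9", 21))
    print(evaluate(UDP_ACL, 17, "192.168.2.9", "192.168.1.5", 21))
    print(evaluate(PROTO_ACL, 89, "10.0.0.1", "224.0.0.5"))
```

The reverse-direction UDP packet and any UDP packet whose source port is outside 20 to 23 fall through to the permit rule, which is worth checking before relying on the deny rule as a filter.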