Table of Contents
Advertisement
Chapter 99: ACL Commands
1602
eq
Matches packets that are equal to the TCP port number specified
by the dest_ipaddress parameter.
dst_tcp_port
Specifies the destination TCP port number. The range is 0 to
65535. Omit this parameter if you are entering a range of port
numbers.
time-range
Specifies the name of a time range that is created with the TIME-
RANGE command. You must create a time range before entering it
as a parameter value. See "TIME-RANGE" on page 1640.
vid
Indicates a VLAN identifier. Specify a VLAN if you want the ACL to
filter tagged packets. Omit a VLAN if you want the ACL to filter
untagged packets. Specify a value between 1 and 4094. You can
enter only one VID.
Mode
IP ACL mode
Description
Use this command to create Named IP ACLs that identify traffic flows
based on TCP packets as well as source and destination IP addresses.
Confirmation Commands
"SHOW ACCESS-LIST" on page 1635 and "SHOW INTERFACE
ACCESS-GROUP" on page 1637
Examples
This example creates a Named IP ACL, called "permittcp," that permits all
TCP packets from source IP address 152.12.45.2/16 to destination IP
address 152.12.45.3/16 on VLAN 12. Then the ACL is assigned to port 24:
awplus> enable
awplus# configure terminal
awplus(config)# ip access-list permittcp
awplus(config-ip-acl)# permit tcp 152.12.45.2/16
152.12.45.3/16 vlan 12
awplus(config-ip-acl)# exit
awplus(config)# interface port1.0.24
awplus(config-if)# access-group permittcp
Hide quick links:
Advertisement
Table of Contents
