Cisco Catalyst 2950 Command Reference Manual page 63

Desktop switch

Chapter 2
Cisco IOS Commands
Catalyst 2950 Desktop Switch Command Reference, 78-11381-05
deny (access-list configuration)

operator port
(Optional) Define a source or destination port.
The operator can be only eq (equal).
If operator is after the source IP address and wildcard, conditions match when the source port matches the defined port.
If operator is after the destination IP address and wildcard, conditions match when the destination port matches the defined port.
The port is a decimal number or name of a Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) port. The number can be from 0 to 65535.
Use TCP port names only for TCP traffic.
Use UDP port names only for UDP traffic.

dscp dscp-value
(Optional) Define a Differentiated Services Code Point (DSCP) value to classify traffic.
For the dscp-value, enter any of the 13 supported DSCP values (0, 8, 10, 16, 18, 24, 26, 32, 34, 40, 46, 48, and 56), or use the question mark (?) to see a list of available values.

time-range time-range-name
(Optional) For the time-range keyword, enter a meaningful name to identify the time range. For a more detailed explanation of this keyword, refer to the software configuration guide.

Defaults
There are no specific conditions that deny packets in the named or numbered IP ACL.
The default ACL is always terminated by an implicit deny statement for all packets.

Command Modes
Access-list configuration

Command History
Release       Modification
12.1(6)EA2    This command was first introduced.

Usage Guidelines
Use this command after the ip access-list global configuration command to specify deny conditions for an IP ACL. You can specify a source IP address, destination IP address, IP protocol, TCP port, or UDP port. Specify the TCP and UDP port numbers only if protocol is tcp or udp and operator is eq.

Note: For more information about configuring IP ACLs, refer to the "Configuring Network Security with ACLs" chapter in the Catalyst 2950 Desktop Switch Software Configuration Guide for this release.

Examples
This example shows how to create an extended IP ACL and to configure deny conditions for it:
Switch(config)# ip access-list extended Internetfilter
Switch(config-ext-nacl)# deny tcp host 190.5.88.10 any
Switch(config-ext-nacl)# deny tcp host 192.1.10.10 any
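
Because every ACL ends in the implicit deny described under Defaults, an ACL that holds only the two deny entries from the example blocks all other traffic as well. The Python sketch below is an added illustration, not Cisco code or part of the original manual: it models first-match evaluation and enforces the limits stated on this page (eq as the only operator, ports 0 to 65535, the 13 supported DSCP values). The function names, the sample packets and the trailing `permit ip any any` entry are constructed for the example; only numeric ports are handled, and a time-range is assumed to be active.

```python
import ipaddress

# The 13 DSCP values this page lists as supported.
SUPPORTED_DSCP = {0, 8, 10, 16, 18, 24, 26, 32, 34, 40, 46, 48, 56}
IMPLICIT_DENY = "deny (implicit)"

def _take_addr(tok):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (address, wildcard) as ints."""
    first = tok.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    addr, wild = (tok.pop(0), "0.0.0.0") if first == "host" else (first, tok.pop(0))
    return int(ipaddress.IPv4Address(addr)), int(ipaddress.IPv4Address(wild))

def _take_port(tok, proto):
    """Consume an optional 'eq PORT' (numeric ports only in this sketch)."""
    if not tok or tok[0] in ("any", "host", "dscp", "time-range") or "." in tok[0]:
        return None
    op, port = tok.pop(0), int(tok.pop(0))
    if op != "eq" or proto not in ("tcp", "udp") or not 0 <= port <= 65535:
        raise ValueError(f"unsupported port condition '{op} {port}' for {proto}")
    return port

def parse_entry(line):
    """Parse one deny/permit line, enforcing the limits stated on this page."""
    tok = line.split()
    entry = {"action": tok.pop(0), "proto": tok.pop(0)}
    entry["src"], entry["sport"] = _take_addr(tok), _take_port(tok, entry["proto"])
    entry["dst"], entry["dport"] = _take_addr(tok), _take_port(tok, entry["proto"])
    if tok[:1] == ["dscp"] and int(tok[1]) not in SUPPORTED_DSCP:
        raise ValueError(f"unsupported DSCP value {tok[1]}")
    entry["dscp"] = int(tok[1]) if tok[:1] == ["dscp"] else None
    return entry  # a trailing time-range is accepted and treated as always active

def _addr_match(ip, rule):
    # rule is (address, wildcard); bits set in the wildcard are ignored
    return (int(ipaddress.IPv4Address(ip)) | rule[1]) == (rule[0] | rule[1])

def evaluate(acl_lines, pkt):
    """First matching entry wins; a packet matching nothing hits the implicit deny."""
    for e in map(parse_entry, acl_lines):
        fields_ok = all(e[k] in (None, pkt.get(k)) for k in ("sport", "dport", "dscp"))
        if (fields_ok and e["proto"] in ("ip", pkt["proto"])
                and _addr_match(pkt["src"], e["src"]) and _addr_match(pkt["dst"], e["dst"])):
            return e["action"]
    return IMPLICIT_DENY

# The two deny entries from the example above, then a constructed variant with a final permit.
PAGE_ACL = ["deny tcp host 190.5.88.10 any", "deny tcp host 192.1.10.10 any"]
WITH_PERMIT = PAGE_ACL + ["permit ip any any"]
```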