Table of Contents
Advertisement
ACL Commands
permit (IP)
Cisco 220 Series Smart Plus Switches Command Line Interface Reference Guide Release 1.0.0.x
address-mask-request, address-mask-reply, traceroute, datagram-
conversion-error, mobile-host-redirect, mobile-registration-request, mobile-
registration-reply, domain-name-request, domain-name-reply, skip, or
photuris. (Range: 0 to 255)
icmp-code
•
—(Optional) The ICMP message code for filtering ICMP packets.
(Range: 0 to 255)
list-of-flags
•
match-all
occur. If a flag should be set, it is prefixed by "+". If a flag should be unset, it
is prefixed by "-". Available options are +urg, +ack, +psh, +rst, +syn, +fin, -
urg, -ack, -psh, -rst, -syn, and -fin. The flags are concatenated to one string,
such as +fin-ack.
Default Configuration
No IPv4-based ACE is defined.
Command Mode
IP Access-List Configuration mode
User Guidelines
After an ACE is added to an ACL, an implicit deny any any condition exists at the
end of the list. That is, if there are no matches, the packets are denied. However,
before the first ACE is added, the list permits all packets up to #ASIC-specific
ranges for TCP and up to #ASIC-specific ranges for UDP.
If a range of ports is used for a source port in an ACE, it is not counted again if it is
also used for a source port in another ACE.
If a range of ports is used for a destination port in an ACE, it is not counted again if
it is also used for a destination port in another ACE.
If a range of ports is used for a source port, it is counted again if it is also used for a
destination port.
Example
switchxxxxxx(config)# ip access-list extended server
switchxxxxxx(config-ip-acl)# permit ip 176.212.0.0 0.0.255.255 any
—(Optional) Specifies a list of TCP flags that should
4
81
Advertisement
Table of Contents
