Parameters
source
mask
any
host ip-address
dscp
operator
port port
destination
mask
count
bytes
log
order
monitor
Enter the IP address of the network or host from which the
packets were sent.
Enter a network mask in /prefix format (/x) or A.B.C.D. The mask,
when specified in A.B.C.D format, may be either contiguous or
non-contiguous.
Enter the keyword any to specify that all routes are subject to
the filter.
Enter the keyword host then the IP address to specify a host IP
address.
Enter this keyword dscp to deny a packet based on the DSCP
value. The range is from 0 to 63.
(OPTIONAL) Enter one of the following logical operand:
•
eq = equal to
•
neq = not equal to
•
gt = greater than
•
lt = less than
•
range = inclusive range of ports (you must specify two
ports for the port command)
Enter the application layer port number. Enter two port numbers
if using the range logical operand. The range is from 0 to 65535.
Enter the IP address of the network or host to which the packets
are sent.
Enter a network mask in /prefix format (/x) or A.B.C.D. The mask,
when specified in A.B.C.D format, may be either contiguous or
non-contiguous.
(OPTIONAL) Enter the keyword count to count packets
processed by the filter.
(OPTIONAL) Enter the keyword byte to count bytes processed
by the filter.
(OPTIONAL) Enter the keyword log to include ACL matches in
the log.
(OPTIONAL) Enter the keyword order to specify the QoS
priority for the ACL entry. The range is from 0 to 254 (where 0 is
the highest priority and 254 is the lowest; lower-order numbers
have a higher priority) If you did not use the keyword order, the
ACLs have the lowest order by default (255).
(OPTIONAL) Enter the keyword monitor when the rule is
describing the traffic that you want to monitor and the ACL in
which you are creating the rule is applied to the monitored
interface. For more information, refer to the "Flow-based
Access Control Lists (ACL)
300