Cisco NME-X-23ES-1G User Guide - Page 171
Defaults, Command Modes, Command History, Usage Guidelines, Examples, Release, Modification
UPC - 882658036118
View all Cisco NME-X-23ES-1G manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 171 highlights
16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series deny (access-list configuration) operator port (Optional) Source or destination port. The operator can be only eq (equal). If operator is after the source IP address and wildcard, conditions match when the source port matches the defined port. If operator is after the destination IP address and wildcard, conditions match when the destination port matches the defined port. The port is a decimal number or name of a Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) port. The number can be from 0 to 65535. Use TCP port names only for TCP traffic. Use UDP port names only for UDP traffic. Defaults There are no specific conditions that deny packets in the named or numbered IP ACL. The default ACL is always terminated by an implicit deny statement for all packets. Command Modes Access-list configuration Command History Release 12.1(6)EA2 12.2(15)ZJ Modification This command was introduced. This command was implemented on the following platforms: Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers. Usage Guidelines Use this command after the ip access-list global configuration command to specify deny conditions for an IP ACL. You can specify a source IP address, destination IP address, IP protocol, TCP port, or UDP port. Specify the TCP and UDP port numbers only if protocol is tcp or udp and operator is eq. Note For more information about configuring IP ACLs, refer to the "Configuring IP Services" chapter in the Cisco IOS IP Configuration Guide, Release 12.2. Examples The following example shows how to create an extended IP ACL and to configure deny conditions for it: Switch(config)# ip access-list extended Internetfilter Switch(config-ext-nacl)# deny tcp host 190.5.88.10 any Switch(config-ext-nacl)# deny tcp host 192.1.10.10 any The following is an example of a standard ACL that sets a deny conditions: ip access-list standard Acclist1 deny 192.5.34.0 0.0.0.255 deny 128.88.10.0 0.0.0.255 deny 36.1.1.0 0.0.0.255 Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 171