Cisco Cisco ASR 5700
ACL Configuration Mode Commands
deny/permit (by TCP/UDP packets) ▀
Command Line Interface Reference, StarOS Release 17 ▄
267
Important:
The mask must contain a contiguous set of one-bits from the least significant bit (LSB). Therefore,
allowed masks are 0, 1, 3, 7, 15, 31, 63, 127, and 255. For example, acceptable wildcards are 0.0.0.3, 0.0.0.255, and
0.0.15.255. A wildcard of 0.0.7.15 is not acceptable since the one-bits are not contiguous.
0.0.15.255. A wildcard of 0.0.7.15 is not acceptable since the one-bits are not contiguous.
any
Specifies that the rule applies to all packets.
host
Specifies that the rule applies to a specific host as determined by its IP address.
source_host_address
The IP address of the source host to filter against expressed in IPv4 dotted-decimal notation.
dest_host_address
The IP address of the destination host to filter against expressed in IPv4 dotted-decimal notation.
eq source_port
Specifies a single, specific source TCP port number to be filtered.
source_port
must be an integer from 0 through 65535.
gt source_port
Specifies that all source TCP port numbers greater than the one specified are to be filtered.
source_port
must be an integer from 0 through 65535.
lt source_port
Specifies that all source TCP port numbers less than the one specified are to be filtered.
source_port
must be an integer from 0 through 65535.
neq source_port
Specifies that all source TCP port numbers not equal to the one specified are to be filtered.
source_port
must be an integer from 0 through 65535.
dest_address
The IP address(es) to which the packet is to be sent.
This option is used to filter all packets to a specific IP address or a group of IP addresses.
When specifying a group of addresses, the initial address is configured using this parameter. The range can
then be configured using the
This option is used to filter all packets to a specific IP address or a group of IP addresses.
When specifying a group of addresses, the initial address is configured using this parameter. The range can
then be configured using the
dest_wildcard
parameter.
dest_wildcard
This option is used in conjunction with the
dest_address
option to specify a group of addresses for which
packets are to be filtered.
The mask must be entered as a complement:
The mask must be entered as a complement:
Zero-bits in this parameter mean that the corresponding bits configured for the
dest_address
parameter must be identical.