Example
An ACL rule with a TCP port lt 1023 uses only one entry in the CAM.
Rule#  Data              Mask              From  To    #Covered
1      0000000000000000  1111110000000000  0     1023  1024
Total Ports: 1024
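The data/mask arithmetic behind the table above, as an added example (not code from this guide or the switch software). It assumes the standard greedy split of a port range into aligned power-of-two blocks, which is not confirmed to be the switch's exact algorithm, and uses 4000 to 8000 as a constructed second range to show how an unaligned range costs more CAM entries.

```python
# Added example: split an inclusive L4 port range into CAM data/mask entries.
# Mask convention follows the table above: 1 = bit must match, 0 = don't care.
# Assumption: greedy aligned-block expansion; the switch may allocate differently.

def range_to_cam_entries(lo, hi, width=16):
    """Return [(data, mask, first, last, covered)] covering lo..hi exactly."""
    if not 0 <= lo <= hi < (1 << width):
        raise ValueError("port range outside 0..%d" % ((1 << width) - 1))
    full = (1 << width) - 1
    entries = []
    while lo <= hi:
        # Largest power-of-two block allowed by lo's alignment
        # (port 0 is aligned to every block size).
        size = (lo & -lo) if lo else (1 << width)
        # Shrink the block until it no longer runs past hi.
        while size > hi - lo + 1:
            size >>= 1
        mask = full & ~(size - 1)      # low bits of the block are don't-care
        entries.append((lo, mask, lo, lo + size - 1, size))
        lo += size
    return entries


def format_entries(entries, width=16):
    """Render entries in the same column order as the guide's table."""
    bits = "0%db" % width
    lines = ["Rule# Data Mask From To #Covered"]
    for n, (data, mask, first, last, covered) in enumerate(entries, 1):
        lines.append("%d %s %s %d %d %d" % (
            n, format(data, bits), format(mask, bits), first, last, covered))
    lines.append("Total Ports: %d" % sum(e[4] for e in entries))
    return "\n".join(lines)


if __name__ == "__main__":
    # The range from the table above: one aligned block, one CAM entry.
    print(format_entries(range_to_cam_entries(0, 1023)))
    print()
    # Constructed sample: an unaligned range needs several entries.
    print(format_entries(range_to_cam_entries(4000, 8000)))
```

Running the same function over the port ranges in a planned ACL gives an estimate of its CAM footprint before the ACL is applied.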
Related Commands
ip access-list extended — creates an extended ACL.
permit — assigns a permit filter for IP packets.
permit udp — assigns a permit filter for UDP packets.
permit udp
To pass UDP packets meeting the filter criteria, configure a filter.
Syntax
permit udp {source mask | any | host ip-address} [operator port
[port]] {destination mask | any | host ip-address} [dscp]
[operator port [port]] [count [byte]] [order] [fragments]
To remove this filter, you have two choices:
• Use the no seq sequence-number command if you know the filter’s
sequence number.
• Use the no permit udp {source mask | any | host ip-address}
{destination mask | any | host ip-address} command.
Parameters
source            Enter the IP address of the network or host from which the
                  packets were sent.
mask              Enter a network mask in /prefix format (/x) or A.B.C.D. The
                  mask, when specified in A.B.C.D format, may be either
                  contiguous or non-contiguous.
any               Enter the keyword any to specify that all routes are subject
                  to the filter.
host ip-address   Enter the keyword host and then enter the IP address to
                  specify a host IP address.
dscp              Enter the keyword dscp to deny a packet based on the
                  DSCP value. The range is from 0 to 63.
operator          (OPTIONAL) Enter one of the following logical operands:
                  • eq = equal to
                  • neq = not equal to
                  • gt = greater than
                  • lt = less than
                  • range = inclusive range of ports (you must specify two
                    ports for the port parameter)
Access Control Lists (ACL)