Access Security Guide K/KA/KB.15.15

Syntax
[ precedence < 0 - 7 | precedence-name > ]
This option causes the ACE to match packets with the specified IP precedence value.
Values can be entered as the following IP precedence numbers or alphanumeric
names:
0 or routine
1 or priority
2 or immediate
3 or flash
4 or flash-override
5 or critical
6 or internet (for internetwork control)
7 or network (for network control)
NOTE: The precedence criteria described in this section are applied in addition
to any other selection criteria configured in the same ACE.
[ tos ]
This option can be used after the DA to cause the ACE to match packets with the
specified Type-of-Service (ToS) setting. ToS values can be entered as the following
numeric settings or, in the case of 0, 2, 4, and 8, as alphanumeric names:
0 or normal
2 or max-reliability
4 or max-throughput
6
8 or minimize-delay
NOTE: The ToS criteria in this section are applied in addition to any other criteria
configured in the same ACE.
[log]
Optional; generates an Event Log message if:
• The action is deny. This option is not configurable for permit.
• There is a match.
• ACL logging is enabled on the switch. See “Enabling ACL logging on the
  switch” (page 294) for details.
Controlling TCP and UDP traffic flow
An ACE designed to permit or deny TCP or UDP traffic can optionally include port number criteria
for either the source or destination, or both. Use of TCP criteria also allows the established
option for controlling TCP connection traffic. For a summary of the extended ACL syntax options,
see “Including options for TCP and UDP traffic in extended ACLs” (page 267).
Syntax:
access-list < 100 - 199 > < deny | permit > < tcp | udp >
< SA > [comparison-operator < tcp/udp-src-port >]
< DA > [comparison-operator < tcp-dest-port >] [established]
< DA > [comparison-operator < udp-dest-port >]
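The following Python model is an added example, not part of the guide or the switch software; it shows how the optional criteria of one ACE (port comparisons, established, precedence, ToS) are combined and when a match is logged. Assumptions, also marked in the code: the operator names eq, neq, gt and lt, "established" treated as ACK or RST set, the ToS number read from the four bits below the precedence bits, an implicit deny for unmatched packets, and the hypothetical Packet and Ace types (address matching is left out).

```python
from dataclasses import dataclass
from typing import Optional, Tuple
# Names and numbers from the precedence and ToS lists above.
PRECEDENCE = {"routine": 0, "priority": 1, "immediate": 2, "flash": 3,
              "flash-override": 4, "critical": 5, "internet": 6, "network": 7}
TOS = {"normal": 0, "max-reliability": 2, "max-throughput": 4, "minimize-delay": 8}
ACK, RST = 0x10, 0x04  # TCP flag bits; assumption: "established" = ACK or RST set

@dataclass
class Packet:  # constructed, simplified header fields (addresses omitted)
    proto: str
    src_port: int
    dst_port: int
    tos_byte: int = 0  # IPv4 ToS octet: precedence in bits 7-5, ToS assumed in bits 4-1
    tcp_flags: int = 0

@dataclass
class Ace:  # hypothetical in-memory form of one ACE
    action: str
    proto: str
    src_port: Optional[Tuple[str, int]] = None  # (operator, port)
    dst_port: Optional[Tuple[str, int]] = None
    established: bool = False
    precedence: Optional[str] = None  # "0".."7" or a name
    tos: Optional[str] = None  # "0", "2", "4", "6", "8" or a name
    log: bool = False

def _port_ok(crit, port):
    op, val = crit or ("any", 0)  # assumed operator set: eq, neq, gt, lt
    return {"any": True, "eq": port == val, "neq": port != val, "gt": port > val, "lt": port < val}[op]

def _num(table, value):
    return table[value] if value in table else int(value)

def matches(ace, pkt):
    """Every criterion configured in the ACE must hold (they are ANDed)."""
    flagged = pkt.proto == "tcp" and bool(pkt.tcp_flags & (ACK | RST))
    return (ace.proto == pkt.proto
            and _port_ok(ace.src_port, pkt.src_port)
            and _port_ok(ace.dst_port, pkt.dst_port)
            and (flagged or not ace.established)
            and (ace.precedence is None or _num(PRECEDENCE, ace.precedence) == pkt.tos_byte >> 5)
            and (ace.tos is None or _num(TOS, ace.tos) == (pkt.tos_byte >> 1) & 0xF))

def evaluate(acl, pkt, acl_logging=True):
    """First match decides; logged only for a matching deny with ACL logging on."""
    for ace in acl:
        if matches(ace, pkt):
            return ace.action, bool(ace.log and ace.action == "deny" and acl_logging)
    return "deny", False  # assumption: unmatched packets hit an implicit deny
```
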
274 IPv4 Access Control Lists (ACLs)