Administrator Guide
Layer 2 Switching Commands 271
– IPv4 protocols: eigrp, gre, icmp, igmp, ip, ipinip, ospf, tcp, udp, pim,
arp, sctp
– number: a protocol number in decimal, for example, 8 for EGP
– every: Match any protocol (don’t care)
•
srcip srcmask | any | host srcip
—Specifies a source IP address and
netmask to match for the IP ACL rule.
– Specifying “any” implies specifying srcip as “0.0.0.0” and srcmask as
“255.255.255.255” for IPv4.
– Specifying “host A.B.C.D” implies srcip as “A.B.C.D” and srcmask as
“0.0.0.0”.
•
[{{eq | neq | lt | gt} {portkey | number} | range startport endport}]
—
Specifies the layer 4 source or destination port match condition for the
TCP/UDP ACL rule. When the protocol is SCTP, TCP or UDP, a source or
destination port number, which ranges from 0-65535, or a portkey, which
can be one of the following keywords: domain, echo, ftp, ftp-data, http,
smtp, snmp, telnet, tftp, www, bgp, pop2, pop3, ntp, rip, time, who may be
entered. Each of these keywords translates into its equivalent destination
port number.
– When “range” is specified, IP ACL rule matches only if the layer 4
port number falls within the specified port range. The startport and
endport parameters identify the first and last ports that are part of the
port range. They have values from 0 to 65535. The ending port must
have a value equal or greater than the starting port. The starting port,
ending port, and all ports in between will be part of the layer 4 port
range.
– When “eq” is specified, IP ACL rule matches only if the layer 4 port
number is equal to the specified port number or portkey.
– When “lt” is specified, IP ACL rule matches if the layer 4 destination
port number is less than the specified port number or portkey. It is
equivalent to specifying the range as 0 to <specified port number –
1>.
– When “gt” is specified, IP ACL rule matches if the layer 4 destination
port number is greater than the specified port number or portkey. It is
equivalent to specifying the range as <specified port number + 1> to
65535.