Reference Guide
Access Control Lists (ACL) | 213
Defaults
Not configured.
Command Modes
CONFIGURATION-EXTENDED-ACCESS-LIST
bit Enter a flag or combination of bits:
ack: acknowledgement field
fin: finish (no more data from the user)
psh: push function
rst: reset the connection
syn: synchronize sequence numbers
urg: urgent field
operator
(OPTIONAL) Enter one of the following logical operand:
•
eq = equal to
•
neq = not equal to
•
gt = greater than
•
lt = less than
•
range = inclusive range of ports (you must specify two ports for the
port command parameter.
port port Enter the application layer port number. Enter two port numbers if using
the range logical operand.
Range: 0 to 65535.
The following list includes some common TCP port numbers:
•23 = Telnet
• 20 and 21 = FTP
•25 = SMTP
• 169 = SNMP
destination
Enter the IP address of the network or host to which the packets are
sent.
mask
Enter a network mask in /prefix format (/x) or A.B.C.D. The mask,
when specified in A.B.C.D format, may be either contiguous or
non-contiguous.
count
(OPTIONAL) Enter the keyword count to count packets processed by
the filter.
byte
(OPTIONAL) Enter the keyword byte to count bytes processed by the
filter.
log
(OPTIONAL, E-Series only) Enter the keyword log to enter ACL
matches in the log. Supported on Jumbo-enabled line cards only.
order
(OPTIONAL) Enter the keyword order to specify the QoS priority for
the ACL entry.
Range: 0-254 (where 0 is the highest priority and 254 is the lowest;
lower order numbers have a higher priority)
Default: If the order keyword is not used, the ACLs have the lowest
order by default (255).
monitor
(OPTIONAL) Enter the keyword monitor when the rule is describing
the traffic that you want to monitor and the ACL in which you are
creating the rule will be applied to the monitored interface. For details,
refer to the section “Flow-based Monitoring” in the Port Monitoring
chapter of the FTOS Configuration Guide.
fragments Enter the keyword
fragments to use ACLs to control packet fragments.