Reference Guide
Access Control Lists (ACL) | 215
But an ACL rule with TCP port lt 1023 takes only one entry in the CAM:
Rule# Data Mask From To #Covered
1 0000000000000000 1111110000000000 0 1023 1024
Total Ports: 1024
Related
Commands
deny udp
c e s
Configure a filter to drop UDP packets meeting the filter criteria.
Syntax
deny udp {source mask | any | host ip-address} [operator port [port]] {destination mask |
any | host ip-address} [dscp] [operator port [port]] [count [byte] | log] [order] [monitor]
[
fragments]
To remove this filter, you have two choices:
• Use the
no seq sequence-number command syntax if you know the filter’s
sequence number or
• Use the
no deny udp {source mask | any | host ip-address} {destination mask | any |
host ip-address} command.
Parameters
deny Assign a filter to deny IP traffic.
deny udp Assign a filter to deny UDP traffic.
source
Enter the IP address of the network or host from which the packets were sent.
mask
Enter a network mask in /prefix format (/x) or A.B.C.D. The mask, when
specified in A.B.C.D format, may be either contiguous or non-contiguous.
any
Enter the keyword any to specify that all routes are subject to the filter.
host ip-address Enter the keyword host followed by the IP address to specify a host IP
address.
dscp
Enter this keyword to deny a packet based on DSCP value.
Range: 0-63
operator
(OPTIONAL) Enter one of the following logical operand:
•
eq = equal to
•
neq = not equal to
•
gt = greater than
•
lt = less than
•
range = inclusive range of ports
port port (OPTIONAL) Enter the application layer port number. Enter two port
numbers if using the
range logical operand.
Range: 0 to 65535
destination
Enter the IP address of the network or host to which the packets are sent.
mask
Enter a network mask in /prefix format (/x) or A.B.C.D. The mask, when
specified in A.B.C.D format, may be either contiguous or non-contiguous.