Product guide

Access Control Lists (ACLs) for the Series 5300xl Switches
Configuring and Assigning an ACL
Comparison Operators:
eq < tcp/udp-port-nbr >
“Equal To”; to have a match with the ACE entry, the TCP or UDP
source port number in a packet must be equal to
< tcp/udp-port-nbr >.
gt < tcp/udp-port-nbr >
“Greater Than”; to have a match with the ACE entry, the TCP or
UDP source port number in a packet must be greater than
< tcp/udp-port-nbr >.
lt < tcp/udp-port-nbr >
“Less Than”; to have a match with the ACE entry, the TCP or UDP
source port number in a packet must be less than
< tcp/udp-port-nbr >.
neq < tcp/udp-port-nbr >
“Not Equal”; to have a match with the ACE entry, the TCP or UDP
source port number in a packet must not be equal to
< tcp/udp-port-nbr >.
range < start-port-nbr > < end-port-nbr >
To have a match with the ACE entry, the TCP or UDP source port
number in a packet must be in the range
< start-port-nbr > < end-port-nbr >.
Port Number or Well-Known Port Name:
Use the TCP or UDP port number required by your
application. The switch also accepts these well-known TCP
or UDP port names as an alternative to their corresponding
port numbers:
TCP: bgp, dns, ftp, http, imap4, ldap, nntp, pop2, pop3, smtp, ssl, telnet
UDP: bootpc, dns, ntp, radius, radius-old, rip, snmp, snmp-trap, tftp
To list the above names, press the [Shift] [?] key combination
after entering an operator. For a comprehensive listing of
port numbers, visit www.iana.org/assignments/port-numbers.
< any | host < dest-ip-addr > | ip-addr/mask-length >
In an extended ACL, this parameter defines the destination
IP address (DA) that a packet must carry in order to have
a match with the ACE. The options are the same as shown
for < src-ip-addr >.
[< dest-port tcp/udp-id >]
In an extended ACL, this parameter defines the TCP or UDP
destination port number a packet must carry in order to
have a match with the extended ACE. The options are the
same as shown above on the preceding page for the source
IP address.
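
The comparison operators and well-known port names described above, modeled as an added example (not code from this guide or from the switch software) so an ACE port test can be checked against sample packet ports before it is configured. The function names are hypothetical, the name-to-number table uses the IANA assignments for the listed names, and the range endpoints are assumed to be inclusive.

```python
# Added example, not HP code. Port numbers are the IANA assignments for the
# well-known names the guide lists (assumed to be what the switch resolves).
TCP_NAMES = {"bgp": 179, "dns": 53, "ftp": 21, "http": 80, "imap4": 143,
             "ldap": 389, "nntp": 119, "pop2": 109, "pop3": 110, "smtp": 25,
             "ssl": 443, "telnet": 23}
UDP_NAMES = {"bootpc": 68, "dns": 53, "ntp": 123, "radius": 1812,
             "radius-old": 1645, "rip": 520, "snmp": 161, "snmp-trap": 162,
             "tftp": 69}
NAMES = {"tcp": TCP_NAMES, "udp": UDP_NAMES}


def resolve_port(proto, token):
    """Turn a port number or well-known name into an int for tcp or udp."""
    if token.isdigit():
        port = int(token)
    elif token in NAMES[proto]:
        port = NAMES[proto][token]   # names are per protocol: no 'telnet' in UDP
    else:
        raise ValueError(f"{token!r} is not a {proto} port number or name")
    if not 0 <= port <= 65535:
        raise ValueError(f"port {port} out of range")
    return port


def parse_port_test(proto, spec):
    """Parse 'eq 23', 'gt 1023', 'range 20 21' into (operator, [ports])."""
    op, *args = spec.split()
    wanted = 2 if op == "range" else 1
    if op not in ("eq", "gt", "lt", "neq", "range") or len(args) != wanted:
        raise ValueError(f"bad port test: {spec!r}")
    return op, [resolve_port(proto, a) for a in args]


def port_matches(proto, spec, packet_port):
    """True if packet_port satisfies the ACE port test written in spec."""
    op, p = parse_port_test(proto, spec)
    if op == "eq":
        return packet_port == p[0]
    if op == "neq":
        return packet_port != p[0]
    if op == "gt":
        return packet_port > p[0]       # strict: the boundary port is excluded
    if op == "lt":
        return packet_port < p[0]       # strict: the boundary port is excluded
    return p[0] <= packet_port <= p[1]  # range: endpoints assumed inclusive
```

Because gt and lt are strict comparisons, a test such as gt 1023 does not match port 1023 itself; choose the boundary value with that in mind.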