24-Port Layer 3 Switch Management Guide
ACCESS CONTROL LIST COMMANDS
Related Commands
access-list ip (4-76)
permit, deny (Extended ACL) 
Use this command to add a rule to an Extended IP ACL. The rule sets a 
filter condition for packets with specific source and destination IP 
addresses, protocol types, source and destination TCP/UDP ports, or 
TCP control codes. Use the no form to remove a rule.
Syntax
{permit | deny} {any | source bitmask | host source}
  {any | destination bitmask | host destination} [protocol protocol-number]

no {permit | deny} {any | source bitmask | host source}
  {any | destination bitmask | host destination} [protocol protocol-number]

{permit | deny} {any | source bitmask | host source}
  {any | destination bitmask | host destination} {protocol tcp}
  [sport source-port] [dport destination-port]
  [control-code control-code code-bitmask]

no {permit | deny} {any | source bitmask | host source}
  {any | destination bitmask | host destination} {protocol tcp}
  [sport source-port] [dport destination-port]
  [control-code control-code code-bitmask]

{permit | deny} {any | source bitmask | host source}
  {any | destination bitmask | host destination} {protocol udp}
  [sport source-port] [dport destination-port]

no {permit | deny} {any | source bitmask | host source}
  {any | destination bitmask | host destination} {protocol udp}
  [sport source-port] [dport destination-port]
• any – Any IP address (source if first field, destination if second 
field).
• source – Source IP address.
• destination – Destination IP address.
• bitmask – Decimal number representing the address bits to match.
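
A syntax check for the rule forms listed above, added here as an example (it is not taken from the guide or the switch firmware). It parses one rule line and rejects combinations the syntax does not allow, such as sport/dport without protocol tcp or udp, or control-code without protocol tcp. The function names, the dotted-decimal form of the bitmask, and the sample rule are assumptions made for the illustration.

```python
import ipaddress

ORDER = ("protocol", "sport", "dport", "control-code")  # keyword order in the syntax

def _address(t, i):
    """Consume 'any', 'host <addr>' or '<addr> <bitmask>' starting at t[i]."""
    if t[i] == "any":
        return ("any",), i + 1
    if t[i] == "host":
        return ("host", str(ipaddress.IPv4Address(t[i + 1]))), i + 2
    # Assumption: the bitmask is written in dotted-decimal form, like the address.
    return ("masked", str(ipaddress.IPv4Address(t[i])),
            str(ipaddress.IPv4Address(t[i + 1]))), i + 2

def parse_rule(line):
    """Return the rule as a dict, or raise ValueError if it breaks the syntax."""
    t = line.split()
    try:
        rule = {"negate": t[0] == "no"}          # leading 'no' removes a rule
        i = 1 if rule["negate"] else 0
        if t[i] not in ("permit", "deny"):
            raise ValueError("expected permit or deny")
        rule["action"] = t[i]
        rule["src"], i = _address(t, i + 1)      # first field is the source
        rule["dst"], i = _address(t, i)          # second field is the destination
        opts = {}
        while i < len(t):
            key, argc = t[i], 2 if t[i] == "control-code" else 1
            if key not in ORDER or key in opts:
                raise ValueError(f"unexpected or repeated keyword {key!r}")
            opts[key] = t[i + 1:i + 1 + argc]
            if len(opts[key]) != argc:
                raise ValueError(f"{key} needs {argc} value(s)")
            i += 1 + argc
    except IndexError:
        raise ValueError("rule is truncated") from None
    if list(opts) != [k for k in ORDER if k in opts]:
        raise ValueError("keywords out of order")
    proto = opts.get("protocol", [None])[0]
    if proto not in (None, "tcp", "udp") and not proto.isdecimal():
        raise ValueError("protocol must be tcp, udp or a protocol number")
    if ("sport" in opts or "dport" in opts) and proto not in ("tcp", "udp"):
        raise ValueError("sport/dport require protocol tcp or udp")
    if "control-code" in opts and proto != "tcp":
        raise ValueError("control-code requires protocol tcp")
    rule.update(opts)
    return rule

if __name__ == "__main__":  # constructed sample rule
    print(parse_rule("permit 10.1.1.0 255.255.255.0 any protocol tcp dport 80"))
```

Port and control-code values are passed through as written, because this page does not give their format or range.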










