source and destination: Identifies source and destination IP addresses.
source-wildcard and destination-wildcard: Wildcard mask; 0s indicate positions that must match, and 1s indicate "don't care" positions.
operator [port|app_name]: The operator can be lt (less than), gt (greater than), eq (equal to), or neq (not equal to). The port number referenced can be either the source port or the destination port, depending on where in the ACL the port number is configured. As an alternative to the port number, well-known application names can be used, such as Telnet, FTP, and SMTP.
established: For inbound TCP only. Allows TCP traffic to pass if the packet is a response to an outbound-initiated session. This type of traffic has the acknowledgement (ACK) bits set. (See the Extended ACL with the Established Parameter example.)
log: Sends a logging message to the console.
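The matching rules in the table above can be modeled in a few lines. The following is an added example, not code from the book: the ACL entries, addresses, and helper names are constructed for illustration, and the model covers TCP only. It assumes the IOS behaviors that established matches segments with the ACK or RST bit set and that every ACL ends with an implicit deny.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """Wildcard mask test: 0 bits must match, 1 bits are "don't care"."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

# Port operators from the table above.
OPS = {
    "lt": lambda p, n: p < n,
    "gt": lambda p, n: p > n,
    "eq": lambda p, n: p == n,
    "neq": lambda p, n: p != n,
}

def ace_matches(ace, pkt):
    """True if one ACL entry (ACE) matches a TCP packet."""
    if not wildcard_match(pkt["src"], *ace["src"]):
        return False
    if not wildcard_match(pkt["dst"], *ace["dst"]):
        return False
    for field in ("sport", "dport"):
        if field in ace:
            op, port = ace[field]
            if not OPS[op](pkt[field], port):
                return False
    # "established": IOS matches TCP segments with ACK or RST set.
    if ace.get("established") and not pkt["flags"] & {"ACK", "RST"}:
        return False
    return True

def evaluate(acl, pkt):
    """First matching entry wins; an ACL ends with an implicit deny."""
    for ace in acl:
        if ace_matches(ace, pkt):
            return ace["action"]
    return "deny"

ANY = ("0.0.0.0", "255.255.255.255")
# Constructed sample, modeling these two entries applied inbound:
#   access-list 101 permit tcp any 192.168.1.0 0.0.0.255 established
#   access-list 101 permit tcp any host 192.168.1.10 eq 25
ACL_101 = [
    {"action": "permit", "src": ANY, "dst": ("192.168.1.0", "0.0.0.255"), "established": True},
    {"action": "permit", "src": ANY, "dst": ("192.168.1.10", "0.0.0.0"), "dport": ("eq", 25)},
]

def pkt(src, dst, sport, dport, *flags):
    return {"src": src, "dst": dst, "sport": sport, "dport": dport, "flags": set(flags)}
```

Because the established test looks only at the flags of each packet, it is a stateless filter and does not track whether an outbound session actually exists.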
230 Chapter 6: Managing Traffic with Access Control Lists
The ip access-group command links an existing extended ACL to an interface. Only one ACL per
protocol, per direction, and per interface is allowed.
Table 6-7 defines the parameters of the ip access-group command.
The following list shows the steps that are required to configure and apply an extended ACL on a
router:
Step 1 Define an extended IPv4 ACL.