access-list (IP extended)
operator port
dscp dscp-value
time-range
time-range-name
Defaults
The default extended ACL is always terminated by an implicit deny statement for all packets.
Command Modes
Global configuration
Command History
Release
12.1(6)EA2
Usage Guidelines
Plan your access conditions carefully. The ACL is always terminated by an implicit deny statement for
all packets.
You can use ACLs to control virtual terminal line access by controlling the transmission of packets on
an interface.
Extended ACLs support only the TCP and UDP protocols.
Use the show ip access-lists command to display the contents of IP ACLs.
Use the show access-lists command to display the contents of all ACLs.
For more information about configuring IP ACLs, see the "Configuring Network Security with ACLs"
Note
chapter in the software configuration guide for this release.
Catalyst 2950 and Catalyst 2955 Switch Command Reference
2-6
(Optional) Define a source or destination port.
The operator can be only eq (equal).
If operator is after the source IP address and wildcard, conditions match
when the source port matches the defined port.
If operator is after the destination IP address and wildcard, conditions
match when the destination port matches the defined port.
The port is a decimal number or name of a TCP or User Datagram
Protocol (UDP) port. The number can be from 0 to 65535.
Use TCP port names only for TCP traffic.
Use UDP port names only for UDP traffic.
(Optional) Define a Differentiated Services Code Point (DSCP) value to
classify traffic.
For the dscp-value, enter any of the 13 supported DSCP values (0, 8, 10,
16, 18, 24, 26, 32, 34, 40, 46, 48, and 56), or use the question mark (?) to
see a list of available values.
(Optional) For the time-range keyword, enter a meaningful name to
identify the time range. For a more detailed explanation of this keyword,
see the software configuration guide.
Modification
This command was introduced.
Chapter 2
Catalyst 2950 and 2955 Cisco IOS Commands
OL-10102-01