ACL Commands
Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide
• source-port—Specifies the UDP/TCP source port. Predefined port names are defined in the destination-port parameter. (Range: 0–65535)
• match-all list-of-flag—List of TCP flags that should occur. If a flag should be set, it is prefixed by "+". If a flag should be unset, it is prefixed by "-". Available options are +urg, +ack, +psh, +rst, +syn, +fin, -urg, -ack, -psh, -rst, -syn and -fin. The flags are concatenated into one string. For example: +fin-ack.
• time-range-name—Name of the time range that applies to this permit statement. (Range: 1–32)
• log-input—Specifies sending an informational SYSLOG message about the packet that matches the entry. Because forwarding/dropping is done in hardware and logging is done in software, if a large number of packets match an ACE containing a log-input keyword, the software might not be able to match the hardware processing rate, and not all packets will be logged.
Default Configuration
No IPv6 access list is defined.
Command Mode
IPv6 Access-list Configuration mode
User Guidelines
The number of TCP/UDP ranges that can be defined in ACLs is limited. If a range of ports is used for a source port in an ACE, it is not counted again if it is also used for a source port in another ACE. If a range of ports is used for a destination port in an ACE, it is not counted again if it is also used for a destination port in another ACE.
If a range of ports is used for a source port, it is counted again if it is also used for a destination port.
If ace-priority is omitted, the system sets the rule's priority to the current highest priority ACE (in the current ACL) + 20. The ACE-priority must be unique per ACL. If the user enters a priority that already exists, the command is rejected.
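The following Python sketch is an added example, not code from the Cisco guide: it parses a match-all list-of-flag string such as +fin-ack and tests it against a TCP flags byte, which helps when reviewing which packets an ACE will match. It assumes that every "+" flag must be set and every "-" flag must be clear for a match; the function names are hypothetical, and rejecting a string that both sets and unsets one flag is a lint choice of this example, not documented switch behaviour.

```python
# Added example: models the match-all list-of-flag string; not Cisco code.
import re

# TCP header flag bits (RFC 9293).
FLAG_BITS = {"fin": 0x01, "syn": 0x02, "rst": 0x04,
             "psh": 0x08, "ack": 0x10, "urg": 0x20}
# One token per option listed in the guide: +urg ... -fin (lowercase assumed).
TOKEN = re.compile(r"[+-](?:urg|ack|psh|rst|syn|fin)")


def parse_flag_list(spec):
    """Return (must_set, must_clear) bit masks for a string such as '+fin-ack'."""
    tokens = TOKEN.findall(spec)
    # The tokens must cover the whole string: no spaces, no unknown names.
    if not tokens or "".join(tokens) != spec:
        raise ValueError(f"invalid list-of-flag string: {spec!r}")
    must_set = must_clear = 0
    for tok in tokens:
        bit = FLAG_BITS[tok[1:]]
        if tok[0] == "+":
            must_set |= bit
        else:
            must_clear |= bit
    # Assumption of this example: a flag cannot be required both set and unset.
    if must_set & must_clear:
        raise ValueError(f"flag both set and unset in {spec!r}")
    return must_set, must_clear


def matches(spec, tcp_flags):
    """True when every '+' flag is set and every '-' flag is clear."""
    must_set, must_clear = parse_flag_list(spec)
    return (tcp_flags & must_set) == must_set and (tcp_flags & must_clear) == 0


if __name__ == "__main__":
    # Constructed sample packets: name -> TCP flags byte.
    samples = {"SYN": 0x02, "SYN+ACK": 0x12, "FIN+ACK": 0x11, "FIN": 0x01}
    for spec in ("+fin-ack", "+syn-ack"):
        hits = [name for name, flags in samples.items() if matches(spec, flags)]
        print(spec, "->", hits)
```

Under this reading, +syn-ack selects only connection-opening SYN segments, while +fin-ack selects a bare FIN and skips the usual FIN+ACK teardown segment.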