permit (IPv4)
To create an IPv4 access control list (ACL) rule that permits traffic matching its conditions, use the permit command. To remove a rule, use the no form of this command.
General Syntax: [sequence-number] permit protocol source destination [dscp dscp | precedence]
no deny protocol {source-ipv6-prefix/prefix-length | any | host source-ipv6-address} [operator [port-number]] {destination-ipv6-prefix/prefix-length | any | host destination-ipv6-address} [operator [port-number]] [dest-option-type [doh-number | doh-type]] [dscp value] [flow-label value] [fragments] [log] [log-input] [mobility] [mobility-type [mh-number | mh-type]] [routing] [routing-type routing-number] [sequence value] [time-range name] [undetermined-transport]
Command Default
A newly created IPv4 ACL contains no rules.
If you do not specify a sequence number, the device assigns the rule a sequence number that is 10 greater than the last rule in the ACL.
Command Modes
IPv4 ACL configuration
Source and Destination
- IP address group object: You can use an IPv4 address group object to specify a source or destination argument. Use the object-group ip address command to create and change IPv4 address group objects. The syntax is as follows:
  addrgroup address-group-name
- Address and network wildcard: You can use an IPv4 address followed by a network wildcard to specify a host or a network as a source or destination. The syntax is as follows:
  IPv4-address network-wildcard
The following example shows how to specify the source argument with the IPv4 address and VLSM for the 192.168.67.0 subnet:
switch(config-acl)#
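The following is an added example, not part of the original command reference: it shows how an address and network wildcard pair selects traffic (a 0 bit in the wildcard must match, a 1 bit is ignored) and audits a pair for the common mistake of typing a subnet mask where a wildcard belongs. The function names and the sample wildcard values are constructed for illustration.

```python
import ipaddress

MASK32 = 0xFFFFFFFF

def _to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def wildcard_match(rule_addr, wildcard, candidate):
    """True if candidate matches rule_addr under the network wildcard.

    Wildcard bit 1 = ignore this bit, 0 = bit must equal the rule address.
    """
    care = ~_to_int(wildcard) & MASK32
    return (_to_int(rule_addr) & care) == (_to_int(candidate) & care)

def matched_address_count(wildcard):
    """How many addresses the pair covers: 2 ** (number of ignored bits)."""
    return 1 << bin(_to_int(wildcard)).count("1")

def audit_pair(rule_addr, wildcard):
    """Findings a reviewer would raise for one address/wildcard pair."""
    addr, wild = _to_int(rule_addr), _to_int(wildcard)
    inv = ~wild & MASK32
    findings = []
    if wild and inv and not (inv & (inv + 1)):
        # 1s on the left, 0s on the right: a subnet mask typed as a wildcard
        findings.append("wildcard looks like a subnet mask")
    elif wild & (wild + 1):
        findings.append("wildcard is non-contiguous")
    if addr & wild:
        findings.append("address sets bits the wildcard ignores")
    return findings

if __name__ == "__main__":
    # Constructed sample pairs for the 192.168.67.0 subnet named in the text.
    samples = [("192.168.67.0", "0.0.0.255"),      # intended /24 wildcard
               ("192.168.67.0", "255.255.255.0")]  # subnet mask by mistake
    for addr, wild in samples:
        print(addr, wild, matched_address_count(wild), audit_pair(addr, wild))
```

With the mistaken pair, the permit rule matches every address whose last octet is 0 (about 16.7 million addresses) and none of the other hosts in 192.168.67.0/24.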
ICMP Message Types
The icmp-message argument can be the ICMP message number, which is an integer from 0 to 255. It can also be one of the following keywords:
- administratively-prohibited: Administratively-prohibited
- alternate-address: Alternate-address
TCP Port Names
When you specify the protocol argument as tcp, the port argument can be a TCP port number, which is an integer from 0 to 65535. It can also be one of the following keywords:
- bgp: Border Gateway Protocol
- chargen: Character generator
- cmd: Remote commands (rcmd, 514)