474
Chapter 9
Managing Traffic with Access Lists
  lt           Match only packets with a lower port number
  neq          Match only packets not on a given port number
  range        Match only packets in the range of port numbers
In the example below, traffic from any source IP address to the destination
host 172.16.30.2 is denied; the ? shows what can follow the destination address.
RouterA(config)#access-list 110 deny tcp any host 172.16.30.2 ?
  eq           Match only packets on a given port number
  established  Match established connections
  fragments    Check fragments
  gt           Match only packets with a greater port number
  log          Log matches against this entry
  log-input    Log matches against this entry, including input interface
  lt           Match only packets with a lower port number
  neq          Match only packets not on a given port number
  precedence   Match packets with given precedence value
  range        Match only packets in the range of port numbers
  tos          Match packets with given TOS value
  <cr>
Now, you can press Enter here and leave the access list as is. However,
you can be even more specific: once you have the host addresses in place, you
can specify the type of service you are denying. The following help screen
lists the options. You can give a port number, or use the name of the
application or program instead.
RouterA(config)#access-list 110 deny tcp any host 172.16.30.2 eq ?
  <0-65535>  Port number
  bgp        Border Gateway Protocol (179)
  chargen    Character generator (19)
  cmd        Remote commands (rcmd, 514)
  daytime    Daytime (13)
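To make the matching rules behind these operators concrete, here is an added example (not code from the book or from Cisco IOS): a small Python evaluator for the extended access-list syntax shown above. It parses entries such as access-list 110 deny tcp any host 172.16.30.2 eq telnet, checks a packet against the entries from the top down with the first match deciding, and applies the implicit deny that ends every Cisco access list. Only the subset of syntax used in this chapter is modelled (any, host, address plus wildcard mask, and the eq/gt/lt/neq/range port operators); the port-name table, the sample list ACL_110 and the test packets are constructed for the example.

```python
"""Added example: evaluator for Cisco-style extended access-list entries.
Illustrative code only; it is not IOS and models just the syntax used above."""
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

# Port names from the help screen above plus telnet (23); constructed table.
PORT_NAMES = {"bgp": 179, "chargen": 19, "cmd": 514, "daytime": 13, "telnet": 23}

Addr = Tuple[int, int]        # (address, wildcard mask) as 32-bit integers
PortCond = Optional[tuple]    # None, (op, n) for eq/gt/lt/neq, or ("range", lo, hi)


def _ip(text: str) -> int:
    return int(ipaddress.IPv4Address(text))


def _port(text: str) -> int:
    return PORT_NAMES[text] if text in PORT_NAMES else int(text)


def _parse_addr(t, i):
    """'any', 'host A.B.C.D' or 'A.B.C.D WILDCARD' at t[i]; returns (Addr, next i)."""
    if t[i] == "any":
        return (0, 0xFFFFFFFF), i + 1
    if t[i] == "host":
        return (_ip(t[i + 1]), 0), i + 2
    return (_ip(t[i]), _ip(t[i + 1])), i + 2


def _parse_port(t, i):
    """Optional port operator at t[i]: eq/gt/lt/neq N, or range LO HI."""
    if i < len(t) and t[i] == "range":
        return ("range", _port(t[i + 1]), _port(t[i + 2])), i + 3
    if i < len(t) and t[i] in ("eq", "gt", "lt", "neq"):
        return (t[i], _port(t[i + 1])), i + 2
    return None, i


@dataclass
class Entry:
    number: int
    action: str      # "permit" or "deny"
    proto: str       # "ip", "tcp", "udp", ...
    src: Addr
    sport: PortCond  # optional operator after the source address
    dst: Addr
    dport: PortCond  # optional operator after the destination address


def parse_entry(line: str) -> Entry:
    t = line.split()
    if t[0] != "access-list" or t[2] not in ("permit", "deny"):
        raise ValueError(f"unsupported entry: {line}")
    src, i = _parse_addr(t, 4)
    sport, i = _parse_port(t, i)
    dst, i = _parse_addr(t, i)
    dport, i = _parse_port(t, i)
    return Entry(int(t[1]), t[2], t[3], src, sport, dst, dport)


def _addr_match(rule: Addr, ip: str) -> bool:
    addr, wild = rule
    # Wildcard semantics: 0 bits must match the address, 1 bits are "don't care".
    return ((_ip(ip) ^ addr) & ~wild & 0xFFFFFFFF) == 0


def _port_match(cond: PortCond, port: int) -> bool:
    if cond is None:
        return True
    if cond[0] == "range":
        return cond[1] <= port <= cond[2]
    return {"eq": port == cond[1], "neq": port != cond[1],
            "gt": port > cond[1], "lt": port < cond[1]}[cond[0]]


class AccessList:
    def __init__(self, lines):
        self.entries = [parse_entry(line) for line in lines]

    def evaluate(self, proto, src, sport, dst, dport) -> str:
        """Return 'permit' or 'deny' for one packet; the first matching entry wins."""
        for e in self.entries:
            if e.proto != "ip" and e.proto != proto:
                continue
            if not (_addr_match(e.src, src) and _addr_match(e.dst, dst)):
                continue
            if not (_port_match(e.sport, sport) and _port_match(e.dport, dport)):
                continue
            return e.action
        return "deny"  # implicit deny any at the end of every access list


# Constructed sample list: block Telnet and FTP to 172.16.30.2, allow the rest.
ACL_110 = AccessList([
    "access-list 110 deny tcp any host 172.16.30.2 eq telnet",
    "access-list 110 deny tcp any host 172.16.30.2 range 20 21",
    "access-list 110 permit ip any any",
])

if __name__ == "__main__":
    for pkt in [("tcp", "10.1.1.5", 40000, "172.16.30.2", 23),
                ("tcp", "10.1.1.5", 40001, "172.16.30.2", 80),
                ("udp", "10.1.1.5", 40002, "172.16.30.2", 23)]:
        print(pkt, "->", ACL_110.evaluate(*pkt))
```

Two things the evaluator makes visible that the help screen does not: an entry written with tcp never touches UDP traffic to the same host, and a list made only of deny entries, like the one being built above, blocks everything because of the implicit deny, so a closing permit is needed for whatever traffic should still pass.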
Copyright ©2002 SYBEX, Inc., Alameda, CA
www.sybex.com