permit (IPv4)
To create an IPv4 access control list (ACL) rule that permits traffic matching its conditions, use the permit command. To remove a rule, use the no form of this command.
General Syntax: [sequence-number] permit protocol source destination [ dscp dscp | precedence ]
no deny protocol { source-ipv6-prefix / prefix-length | any | host source-ipv6-address } [ operator [port-number] ] { destination-ipv6-prefix / prefix-length | any | host destination-ipv6-address } [ operator [port-number] ] [ dest-option-type [ doh-number | doh-type ] ] [ dscp value ] [ flow-label value ] [ fragments ] [ log ] [ log-input ] [ mobility ] [ mobility-type [ mh-number | mh-type ] ] [ routing ] [ routing-type routing-number ] [ sequence value ] [ time-range name ] [ undetermined-transport ]
Command Default
A newly created IPv4 ACL contains no rules.
If you do not specify a sequence number, the device assigns the rule a sequence number that is 10 greater than the last rule in the ACL.
Command Modes
IPv4 ACL configuration
Source and Destination
- IP address group object
- You can use an IPv4 address group object to specify a source or destination argument. Use the object-group ip address command to create and change IPv4 address group objects. The syntax is as follows:
  addrgroup address-group-name
- Address and network wildcard
- You can use an IPv4 address followed by a network wildcard to specify a host or a network as a source or destination. The syntax is as follows:
  IPv4-address network-wildcard
The following example shows how to specify the source argument with the IPv4 address and VLSM for the 192.168.67.0 subnet
switch(config-acl)#
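As an added example (not part of the original command reference), the Python sketch below evaluates the address-plus-wildcard matching described above and flags wildcards that make a permit rule match more than one contiguous subnet. The 0.0.0.255 wildcard for the 192.168.67.0 subnet assumes a /24, and all function names are hypothetical.

```python
import ipaddress

def _to_int(dotted: str) -> int:
    return int(ipaddress.IPv4Address(dotted))

def wildcard_match(rule_addr: str, wildcard: str, candidate: str) -> bool:
    """True if candidate matches rule_addr under the ACL network wildcard.
    A 0 bit in the wildcard means 'must match'; a 1 bit means 'ignore'."""
    care = ~_to_int(wildcard) & 0xFFFFFFFF
    return (_to_int(rule_addr) & care) == (_to_int(candidate) & care)

def wildcard_to_prefix(wildcard: str):
    """Prefix length if the wildcard is a contiguous inverse mask, else None."""
    wild = _to_int(wildcard)
    if wild & (wild + 1):          # contiguous inverse masks look like 2**k - 1
        return None
    return 32 - wild.bit_length()

def audit(rule_addr: str, wildcard: str) -> dict:
    """Summarise how broad an address/wildcard pair is before it goes into a permit rule."""
    addr, wild = _to_int(rule_addr), _to_int(wildcard)
    warnings = []
    if wildcard_to_prefix(wildcard) is None:
        warnings.append("non-contiguous wildcard: does not describe a single subnet")
    if addr & wild:
        warnings.append("address has bits set in positions the wildcard ignores")
    return {
        "prefix": wildcard_to_prefix(wildcard),
        "matched_addresses": 2 ** bin(wild).count("1"),
        "warnings": warnings,
    }

if __name__ == "__main__":
    # Constructed inputs: the assumed /24 wildcard, a transposed-octet wildcard,
    # and a subnet mask entered where a wildcard was expected.
    for wc in ("0.0.0.255", "0.0.255.0", "255.255.255.0"):
        print(wc, audit("192.168.67.0", wc))
    # The transposed wildcard also matches a host outside 192.168.67.0/24.
    print(wildcard_match("192.168.67.0", "0.0.255.0", "192.168.5.0"))
```

A subnet mask typed in place of the wildcard (255.255.255.0) makes the rule match 2^24 addresses rather than 256, which is the kind of over-permissive entry this check is meant to surface during ACL review.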
ICMP Message Types
The icmp-message argument can be the ICMP message number, which is an integer from 0 to 255. It can also be one of the following keywords:
- administratively-prohibited
- Administratively-prohibited
- alternate-address
- Alternate-address
TCP Port Names
When you specify the protocol argument as tcp, the port argument can be a TCP port number, which is an integer from 0 to 65535. It can also be one of the following keywords:
- bgp
- Border Gateway Protocol
- chargen
- Character generator
- cmd
- Remote commands (rcmd, 514)