Cisco 10000 User Manual
Page 488
22-4
Cisco 10000 Series Router Software Configuration Guide
OL-2226-23
Chapter 22 Configuring Template ACLs
Configuration Tasks for Template ACLs
dstip
Enables destination-IP-address filtering. Applies to packets
whose destination address matches the value of
If a subnet mask portion of the address is present, the router
compares only the masked bits. If you set
0.0.0.0, or if this keyword is not present, the filter matches all IP
packets.
srcp
Enables source-IP-address filtering. Applies to packets whose
source address matches the value of
mask portion of the address is present, the router compares only
the masked bits. If you set
keyword is not present, the filter matches all IP packets.
Specifies a protocol specified as a name or a number. Applies to
packets whose protocol field matches this value. Possible names
and numbers are icmp (1), tcp (6), udp (17), and ospf (89). If you
set this value to zero (0), the filter matches any protocol.
dstport
Enables destination-port filtering. This keyword is valid only
when
a destination port, the filter matches any port.
actual destination port. This value can be <, =, >, or !.
are ftp-data (20), ftp (21), telnet (23), nameserver (42), domain
(53), tftp (69), gopher (70), finger (79), www (80), kerberos
(88), hostname (101), nntp (119), ntp (123), exec (512), login
(513), cmd (514), and talk (517).
srcportcmp
Enables source-port filtering. This keyword is valid only when
source port, the filter matches any port.
actual destination port. This value can be <, =, >, or !.
are ftp-data (20), ftp (21), telnet (23), nameserver (42), domain
(53), tftp (69), gopher (70), finger (79), www (80), kerberos
(88), hostname (101), nntp (119), ntp (123), exec (512), login
(513), cmd (514), and talk (517).
When set to 1, specifies that the filter matches a packet only if a
TCP session is already established. This argument is valid only
when
Table 22-1
IP Data Filter Syntax Elements (continued)
Element
Description