Rtr1(config)#access-list 101 permit udp any eq ?
<0-65535> Port number
biff Biff (mail notification, comsat, 512)
bootpc Bootstrap Protocol (BOOTP) client (68)
bootps Bootstrap Protocol (BOOTP) server (67)
discard Discard (9)
dnsix DNSIX security protocol auditing (195)
domain Domain Name Service (DNS, 53)
echo Echo (7)
isakmp Internet Security Association and Key Management Protocol (500)
mobile-ip Mobile IP registration (434)
nameserver IEN116 name service (obsolete, 42)
netbios-dgm NetBios datagram service (138)
netbios-ns NetBios name service (137)
netbios-ss NetBios session service (139)
ntp Network Time Protocol (123)
pim-auto-rp PIM Auto-RP (496)
rip Routing Information Protocol (router, in.routed, 520)
snmp Simple Network Management Protocol (161)
snmptrap SNMP Traps (162)
sunrpc Sun Remote Procedure Call (111)
syslog System Logger (514)
tacacs TAC Access Control System (49)
talk Talk (517)
tftp Trivial File Transfer Protocol (69)
time Time (37)
who Who service (rwho, 513)
xdmcp X Display Manager Control Protocol (177)
In the following extended ACL example, the first statement blocks
network hosts in 192.168.3.0 from sending SNMP packets into the 192.168.1.0
network. The second statement blocks the same hosts from accessing any TFTP
servers. The third statement blocks any RIP routing updates from going to the
192.168.1.0 network.
access-list 101 deny udp 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255 eq snmp
access-list 101 deny udp 192.168.3.0 0.0.0.255 any eq tftp
access-list 101 deny udp any 192.168.1.0 0.0.0.255 any eq rip
access-list 101 permit ip any any
The final statement permits the remaining UDP packets, plus
all TCP and ICMP packets.
Sections
Comments (0 posted)
Syndication
