IP
access-list access-list-number [dynamic dynamic-name [timeout minutes]]
{deny | permit} protocol source source-wildcard
destination destination-wildcard [precedence precedence]
[tos tos] [log | log-input] [time-range time-range-name]
ICMP
access-list access-list-number [dynamic dynamic-name [timeout minutes]]
{deny | permit} icmp source source-wildcard
destination destination-wildcard
[icmp-type | [[icmp-type icmp-code] | [icmp-message]]
[precedence precedence] [tos tos] [log | log-input]
[time-range time-range-name]
TCP
access-list access-list-number [dynamic dynamic-name [timeout minutes]]
{deny | permit} tcp source source-wildcard [operator [port]]
destination destination-wildcard [operator [port]] [established]
[precedence precedence] [tos tos] [log | log-input]
[time-range time-range-name]
UDP
access-list access-list-number [dynamic dynamic-name [timeout minutes]]
{deny | permit} udp source source-wildcard [operator [port]]
destination destination-wildcard [operator [port]]
[precedence precedence] [tos tos] [log | log-input]
[time-range time-range-name]
In all software releases, the access-list-number can be 101 to 199. In
Cisco IOS Software Release 12.0.1, extended ACLs begin to use additional
numbers (2000 to 2699). These additional numbers are referred to as
expanded IP ACLs. Cisco IOS Software Release 11.2 added the ability
to use a list name in extended ACLs.
The value 0.0.0.0/255.255.255.255 can be specified as any.
After the ACL is defined, it must be applied to the interface
(inbound or outbound). In early software releases, out was the
default when a keyword out or in was not specified. The direction
must be specified in later software releases.
interface
ip access-group {number|name} {in|out}
This extended ACL is used to permit traffic on the
10.1.1.x network (inside) and to receive ping responses from the
outside while it prevents unsolicited pings from people outside,
permitting all other traffic.
interface Ethernet0/1
ip address 172.16.1.2 255.255.255.0
ip access-group 101 in
access-list 101 deny icmp any 10.1.1.0 0.0.0.255 echo
access-list 101 permit ip any 10.1.1.0 0.0.0.255
Note: Some applications such as network management require
pings for a keepalive function. If this is the case, you might
wish to limit blocking inbound pings or be more granular in
permitted/denied IPs.
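
The following Python sketch is an added example, not Cisco code. It models how ACL 101 above is evaluated: wildcard-mask matching, first matching entry wins, and the implicit deny that ends every ACL. The parser covers only the syntax subset used in this ACL, and the packets are constructed samples.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard mask: 0 bits must match, 1 bits are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def parse_ace(line):
    """Parse 'access-list N {deny|permit} proto src dst [icmp-message]' (subset)."""
    tok = line.split()
    ace = {"action": tok[2], "proto": tok[3]}
    i = 4
    for side in ("src", "dst"):
        if tok[i] == "any":  # 'any' is shorthand for 0.0.0.0 255.255.255.255
            ace[side] = ("0.0.0.0", "255.255.255.255"); i += 1
        else:
            ace[side] = (tok[i], tok[i + 1]); i += 2
    ace["icmp"] = tok[i] if i < len(tok) else None
    return ace

def evaluate(acl, pkt):
    """Return the action of the first matching entry, else the implicit deny."""
    for ace in acl:
        if ace["proto"] not in ("ip", pkt["proto"]):
            continue
        if not wildcard_match(pkt["src"], *ace["src"]):
            continue
        if not wildcard_match(pkt["dst"], *ace["dst"]):
            continue
        if ace["icmp"] and ace["icmp"] != pkt.get("icmp"):
            continue
        return ace["action"]
    return "deny"  # implicit 'deny ip any any' at the end of every ACL

ACL_101 = [parse_ace(l) for l in (
    "access-list 101 deny icmp any 10.1.1.0 0.0.0.255 echo",
    "access-list 101 permit ip any 10.1.1.0 0.0.0.255",
)]

# Constructed sample packets (192.0.2.x is a documentation address range).
PACKETS = [
    {"proto": "icmp", "src": "192.0.2.7", "dst": "10.1.1.20", "icmp": "echo"},
    {"proto": "icmp", "src": "192.0.2.7", "dst": "10.1.1.20", "icmp": "echo-reply"},
    {"proto": "tcp", "src": "192.0.2.7", "dst": "10.1.1.20"},
    {"proto": "tcp", "src": "192.0.2.7", "dst": "10.1.2.20"},
]

if __name__ == "__main__":
    for p in PACKETS:
        print(evaluate(ACL_101, p), p)
```

The last packet matches neither entry because its destination is outside 10.1.1.0 0.0.0.255, so it is dropped by the implicit deny rather than by a configured line.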