proto |
Configures the ACL for additional protocols. Additional
protocols (other than IP, ICMP, TCP, and UDP) must be configured using this
parameter.
|
<PROTOCOL-NUMBER> |
Filters protocols using their IANA protocol number
- <PROTOCOL-NUMBER> – Specify the protocol number.
|
<PROTOCOL-NAME> |
Filters protocols using their IANA protocol name
- <PROTOCOL-NAME> – Specify the protocol name.
|
eigrp |
Identifies the EIGRP protocol (number 88). EIGRP
enables routers to maintain copies of neighbors' routing tables. Routers use this
information to determine the fastest route to a destination. When a router fails
to find a route in its stored route tables, it sends a query to its neighbors, who in
turn query their neighbors until a route is found. EIGRP also enables routers to
inform neighbors of changes in their routing tables.
|
gre |
Identifies the GRE protocol (number 47). GRE is a
tunneling protocol that enables transportation of protocols (IP, IPX, DECnet,
etc.) over an IP network. GRE encapsulates the packet at the source and removes
the encapsulation at the destination.
|
igp |
Identifies any private internal gateway (primarily used
by Cisco for their IGRP) (number 9). IGP enables exchange of information between
hosts and routers within a managed network. The most commonly used IGP protocols
are RIP and OSPF.
|
ospf |
Identifies the OSPF protocol (number 89). OSPF is a
link-state IGP. OSPF routes IP packets within a single routing domain (autonomous
system), like an enterprise LAN. OSPF gathers link state information from neighbor
routers and constructs a network topology. The topology determines the routing
table presented to the Internet Layer, which makes routing decisions based solely
on the destination IP address found in IP packets.
|
vrrp |
Identifies the VRRP protocol (number 112). VRRP allows
a pool of routers to be advertised as a single virtual router. This virtual router
is configured by hosts as their default gateway. VRRP elects a master router from
this pool and assigns it a virtual IP address. The master router routes and
forwards packets to hosts on the same subnet. When the master router fails, one of
the backup routers is elected as the master and its IP address is mapped to the
virtual IP address.
|
<SOURCE-IPv6/MASK> |
Specifies a range of IPv6 source addresses (network) to
match. Packets (EIGRP, GRE, IGMP, IGP, OSPF, or VRRP) received from any source in
the specified network are dropped. |
any |
Specifies the source as any IPv6 address. Packets
(EIGRP, GRE, IGMP, IGP, OSPF, or VRRP) received from any source are dropped. |
host <SOURCE-HOST-IPv6> |
Identifies a specific host (as the source to match) by
its IPv6 address. Packets (EIGRP, GRE, IGMP, IGP, OSPF, or VRRP) received from the
specified host are dropped.
- <SOURCE-HOST-IPv6> – Specify the source host's exact IPv6 address.
|
<DEST-IPv6/MASK> |
Specifies a range of IPv6 destination addresses (network)
to match. Packets (EIGRP, GRE, IGMP, IGP, OSPF, or VRRP) addressed to any
destination within the specified network are dropped. |
any |
Specifies the destination as any IPv6 address. Packets
(EIGRP, GRE, IGMP, IGP, OSPF, or VRRP) addressed to any destination are
dropped. |
host <DEST-HOST-IPv6> |
Identifies a specific host (as the destination to match)
by its IPv6 address. Packets (EIGRP, GRE, IGMP, IGP, OSPF, or VRRP) addressed to the
specified host are dropped.
- <DEST-HOST-IPv6> – Specify the destination host's exact IPv6 address.
|
log |
Logs all deny events matching this entry |
rule-precedence <1-5000> |
Assigns a precedence for this deny rule
- <1-5000> – Specify a value from 1 - 5000.
Note: The lower the precedence value, the higher the priority. A rule with
precedence 3 gets priority over a rule with precedence 10.
|
rule-description <LINE> |
Optional. Configures a description for this deny rule.
Provide a description that uniquely identifies the purpose of this rule (should not
exceed 128 characters in length). |
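
The following Python model is an added example, not the device's own code. It shows how deny rules built from the parameters above are selected by precedence, using the protocol numbers from the table. The class and function names, and the sample rules (addresses from the 2001:db8::/32 documentation prefix), are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Keyword-to-IANA-number mapping taken from the table above.
PROTO = {"eigrp": 88, "gre": 47, "igp": 9, "ospf": 89, "vrrp": 112}

def parse_addr(spec):
    """Turn 'any', 'host <addr>' or '<addr>/<mask>' into an IPv6Network."""
    if spec == "any":
        return ipaddress.IPv6Network("::/0")
    if spec.startswith("host "):
        return ipaddress.IPv6Network(spec[5:].strip() + "/128")
    return ipaddress.IPv6Network(spec, strict=False)

@dataclass
class DenyRule:  # hypothetical model of one deny entry
    proto: object       # keyword from PROTO or an IANA protocol number
    src: str
    dst: str
    precedence: int
    description: str = ""
    log: bool = False

    def __post_init__(self):
        if not 1 <= self.precedence <= 5000:
            raise ValueError("rule-precedence must be 1-5000")
        if len(self.description) > 128:
            raise ValueError("rule-description exceeds 128 characters")
        self.number = PROTO[self.proto] if isinstance(self.proto, str) else int(self.proto)
        self.src_net, self.dst_net = parse_addr(self.src), parse_addr(self.dst)

    def matches(self, proto_number, src, dst):
        return (proto_number == self.number
                and ipaddress.IPv6Address(src) in self.src_net
                and ipaddress.IPv6Address(dst) in self.dst_net)

def first_deny(rules, proto_number, src, dst):
    """Return the matching deny rule with the lowest precedence value, or None."""
    for rule in sorted(rules, key=lambda r: r.precedence):
        if rule.matches(proto_number, src, dst):
            return rule
    return None

# Constructed sample rules, not taken from a real configuration.
RULES = [
    DenyRule("ospf", "any", "any", 10, "drop all OSPF", log=True),
    DenyRule("ospf", "2001:db8:1::/48", "any", 3, "drop OSPF from lab net"),
    DenyRule(47, "host 2001:db8::5", "2001:db8:2::/64", 20, "drop GRE from one host"),
]
```

An OSPF packet from 2001:db8:1::1 matches both OSPF rules, and the precedence 3 entry is the one selected. Because only the precedence 10 entry carries `log` in this sample, that packet's drop would not be logged, which is worth checking when a broader logged rule sits behind a narrower one.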