Table 195: Examples: Extended ACL Rules
To... |
Enter... |
Use the DSCP in the packet to classify all traffic that has a:
- Source IP address of 199.93.239.168
- Destination address in the 1.1.1 subnet
|
access-list MyAccessList2 1 permit use-diffserv ip host 199.93.239.168 1.1.1.0 0.0.0.255 |
Use the DSCP in the packet to classify all traffic that has a:
- Source IP address in the 3.0 subnet
- Destination address in the 5.0 subnet
- Mask the three least significant bits of the DSCP
|
access-list MyAccessList2 2 permit use-diffserv mask ip 3.0.0.0 0.255.255.255 5.0.0.0 0.255.255.255 |
Assign a priority of 2 to all TCP traffic that has a:
- Source IP address in the 1.1 subnet
- Source port that is greater than 24
- Destination IP address in the 6.6 subnet
- Destination port of 23
|
access-list MyAccessList2 3 permit use-priority 2 tcp 1.1.0.0 0.0.255.255 gt 24 6.6.0.0 0.0.255.255 eq 23 |
- Replace the existing DSCP of packets with a DSCP of 12 for all traffic that has a source IP address of 199.93.238.83.
- Mask the three least significant bits of the DSCP.
|
access-list MyAccessList2 4 permit remark 12 mask ip host 199.93.238.83 any
|
Replace the existing DSCP of the packet with a DSCP of 24 for all ICMP traffic that has a:
- Source IP address of 2.2.2.2
- Destination IP address of 4.4.4.4
|
access-list MyAccessList2 5 permit remark 24 icmp host 2.2.2.2 host 4.4.4.4 |
Assign a priority of 6 to all TCP traffic that has a:
- Source IP address in the 10.10.10 subnet
- Destination IP address in the 11.11.11 subnet
- Destination port of 1
|
access-list MyAccessList2 6 permit use-priority 6 tcp 10.10.10.0 0.0.0.255 11.11.11.0 0.0.0.255 eq 1 |
Use the layer 2 priority in the packet to classify all UDP traffic |
access-list MyAccessList2 7 permit use-l2 udp any any |
- Use the layer 2 priority in the packet to classify all TCP traffic that has a:
  - Source IP address in the 5.5.5 subnet
  - Destination IP address in the 6.6.6 subnet
  - Destination port that is less than 2
- Permit TCP connections that meet these criteria
|
access-list MyAccessList2 8 permit use-l2 tcp 5.5.5.0 0.0.0.255 6.6.6.0 0.0.0.255 lt 2 established |
- Use the DSCP to classify all UDP traffic that has a:
  - Source IP address of 7.7.7.7
  - Destination IP address of 8.8.8.8
  - Destination port between 33 and 44
- Mask the three least significant bits of the DSCP
|
access-list MyAccessList2 9 permit use-diffserv mask udp host 7.7.7.7 host 8.8.8.8 range 33 44 |
- Assign a priority of 7 to all TCP traffic that has a:
  - Source IP address of 9.9.9.9
  - Destination IP address of 3.3.3.3
  - Destination port between 55 and 66
- Permit TCP connections that meet these criteria
|
access-list MyAccessList2 10 permit use-priority 7 tcp host 9.9.9.9 host 3.3.3.3 range 55 66 established |
|
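To check what one of these rules covers before applying it, the following added example (not part of the original documentation or the vendor's software) parses the rule forms shown in the table and tests packet fields against the wildcard masks and port operators. The function names, the inclusive reading of `range`, and treating `ip` as matching every protocol are assumptions.

```python
import ipaddress

# Grammar inferred only from the rows of the table above, not the full CLI syntax.
ACTION_ARGS = {"use-diffserv": 0, "use-l2": 0, "use-priority": 1, "remark": 1}
PORT_OPS = {"eq": 1, "gt": 1, "lt": 1, "range": 2}  # operator -> operand count

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def _addr(tok):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (base, wildcard) as ints."""
    first = tok.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return _ip(tok.pop(0)), 0
    return _ip(first), _ip(tok.pop(0))

def _port(tok):
    """Consume an optional port test; return it as an inclusive (low, high) range."""
    if not tok or tok[0] not in PORT_OPS:
        return 0, 65535
    op = tok.pop(0)
    n = [int(tok.pop(0)) for _ in range(PORT_OPS[op])]
    return {"eq": (n[0], n[0]), "gt": (n[0] + 1, 65535), "lt": (0, n[0] - 1),
            "range": (n[0], n[-1])}[op]  # assumption: 'range' bounds are inclusive

def parse_rule(line):
    tok = line.split()
    if tok.pop(0) != "access-list":
        raise ValueError("not an access-list command")
    rule = {"name": tok.pop(0), "index": int(tok.pop(0)), "permit": tok.pop(0) == "permit"}
    rule["action"] = tok.pop(0)
    rule["args"] = [tok.pop(0) for _ in range(ACTION_ARGS[rule["action"]])]
    rule["mask"] = tok[0] == "mask" and bool(tok.pop(0))
    rule["proto"] = tok.pop(0)
    rule["src"], rule["sport"] = _addr(tok), _port(tok)
    rule["dst"], rule["dport"] = _addr(tok), _port(tok)
    rule["established"] = tok == ["established"]  # recorded only, not evaluated below
    return rule

def _ip_ok(addr, spec):
    care = ~spec[1] & 0xFFFFFFFF  # wildcard 1-bits mean "ignore this bit"
    return (_ip(addr) & care) == (spec[0] & care)

def matches(rule, proto, src, dst, sport=0, dport=0):
    return (rule["proto"] in ("ip", proto)  # assumption: 'ip' covers every protocol
            and _ip_ok(src, rule["src"]) and _ip_ok(dst, rule["dst"])
            and rule["sport"][0] <= sport <= rule["sport"][1]
            and rule["dport"][0] <= dport <= rule["dport"][1])
```

Passing rule 2 from the table to `parse_rule` and then `matches` shows that its `0.255.255.255` wildcard covers every source address whose first octet is 3.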