access-list
This command configures the Firewall table, which lets you define firewall rules that define network traffic filtering rules.
Syntax
(config-network)# access-list <Index> (access-list-<Index>)#
|
Command |
Description |
|---|---|
|
Index |
Defines the table row index. |
|
allow-type {allow|block} |
Defines the firewall action if the rule is matched. |
|
byte-burst |
Defines the allowed traffic burst in bytes. |
|
byte-rate |
Defines the allowed traffic bandwidth in bytes per second. |
|
description |
Defines an arbitrary name to easily identify the row. |
|
dns-query-type {A|AAAA|CNAME-A| CNAME-AAAA|SRV-A|SRV-AAAA} |
Defines the DNS query (request) type used by the device to query the DNS server to resolve the domain name into an IP address(es) when the 'Source IP' parameter is configured with an FQDN. |
|
end-port |
Defines the destination ending port. |
|
network-interface-name |
Defines the IP Network Interface (string) for which the rule applies. |
|
packet-size |
Defines the maximum allowed packet size. |
|
prefixLen |
Defines the prefix length of the source IP address (defining a subnet). |
|
protocol |
Defines the IP user-level protocol. |
|
source-ip |
Defines the source IP address from where the packets are received. |
|
src-port |
Defines the source port from where the packets are received. |
|
start-port |
Defines the destination starting port. |
|
use-specific-interface {disable|enable} |
Use the rule for a specific interface or for all interfaces. |
Command Mode
Privileged User
Example
This example configures a firewall rule allowing a maximum packet size of 1500 bytes on the "ITSP" network interface:
(config-network)# access-list (access-list-0)# use-specific-interface enable (access-list-0)# network-interface-name ITSP (access-list-0)# allow-type allow (access-list-0)# packet-size 1500