Some protocols also have specific parameters and keywords that apply to that protocol.
You can define an extended TCP, UDP, ICMP, IGMP, or other IP ACL. The switch also supports these IP
protocols:
Note: ICMP echo-reply cannot be filtered. All other ICMP codes or types can be filtered.
These IP protocols are supported:
• Authentication Header Protocol (ahp)
• Encapsulation Security Payload (esp)
• Enhanced Interior Gateway Routing Protocol (eigrp)
• generic routing encapsulation (gre)
• Internet Control Message Protocol (icmp)
• Internet Group Management Protocol (igmp)
• any Interior Protocol (ip)
• IP in IP tunneling (ipinip)
• KA9Q NOS-compatible IP over IP tunneling (nos)
• Open Shortest Path First routing (ospf)
• Payload Compression Protocol (pcp)
• Protocol-Independent Multicast (pim)
• Transmission Control Protocol (tcp)
• User Datagram Protocol (udp)
Named IPv4 ACLs
You can identify IPv4 ACLs with an alphanumeric string (a name) rather than a number. You can use named
ACLs to configure more IPv4 access lists in a router than if you were to use numbered access lists. If you
identify your access list with a name rather than a number, the mode and command syntax are slightly different.
However, not all commands that use IP access lists accept a named access list.
Note: The name you give to a standard or extended ACL can also be a number in the supported range of access
list numbers. That is, the name of a standard IP ACL can be 1 to 99. The advantage of using named ACLs
instead of numbered lists is that you can delete individual entries from a named list.
Consider these guidelines and limitations before configuring named ACLs:
• Not all commands that accept a numbered ACL accept a named ACL. ACLs for packet filters and route
filters on interfaces can use a name. VLAN maps also accept a name.
• A standard ACL and an extended ACL cannot have the same name.
• Numbered ACLs are also available.
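The limits stated above can be checked against a saved configuration before it is applied. The following Python check is an added example, not part of the Cisco guide: it flags a name shared by a standard and an extended ACL, a deny entry for ICMP echo-reply (which the switch cannot filter), and a protocol keyword outside the list given earlier. The function name, finding labels and sample configuration are constructed for illustration, and accepting a numeric protocol value of 0 to 255 is an assumption.

```python
import re
# Protocol keywords this page lists for extended IPv4 ACLs.
PROTOCOLS = {"ahp", "esp", "eigrp", "gre", "icmp", "igmp", "ip", "ipinip",
             "nos", "ospf", "pcp", "pim", "tcp", "udp"}
HEADER = re.compile(r"ip access-list (standard|extended) (\S+)$")
ENTRY = re.compile(r"(?:\d+ )?(permit|deny) (\S+)(.*)$")

def lint_named_acls(config):
    """Check named-ACL blocks against the limits stated on this page."""
    findings, kinds, current = [], {}, None
    for n, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            current, name = header.groups()
            # A standard and an extended ACL cannot have the same name.
            if kinds.setdefault(name, current) != current:
                findings.append((n, "name-reused", name))
            continue
        if not raw.startswith(" "):
            current = None  # left the ACL configuration block
            continue
        entry = ENTRY.match(line)
        if current != "extended" or not entry:
            continue
        action, proto, rest = entry.groups()
        # Assumption: a numeric IP protocol value (0-255) is also valid.
        numeric = proto.isdigit() and int(proto) <= 255
        if proto not in PROTOCOLS and not numeric:
            findings.append((n, "protocol-not-listed", proto))
        # ICMP echo-reply cannot be filtered, so this deny has no effect.
        elif proto == "icmp" and action == "deny" and "echo-reply" in rest.split():
            findings.append((n, "echo-reply-not-filterable", line))
    return findings

# Constructed sample configuration, not taken from a real device.
SAMPLE = """\
ip access-list extended EDGE-IN
 permit esp any host 192.0.2.10
 deny icmp any any echo-reply
 permit sctp any any
 permit 47 any any
ip access-list standard EDGE-IN
 permit any
interface GigabitEthernet1/0/1
 ip access-group EDGE-IN in
"""
if __name__ == "__main__":
    print(*lint_named_acls(SAMPLE), sep="\n")
```

Each finding is a tuple of line number, label and the offending name, keyword or entry; standard ACL entries are skipped because they carry no protocol field.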
Catalyst 2960-XR Switch Security Configuration Guide, Cisco IOS Release 15.0(2)EX1
OL-29434-01
Configuring IPv4 ACLs
Standard and Extended IPv4 ACLs