ACL Commands

• source-port — Specifies the UDP/TCP source port. (Range: 1 - 65535)
• source-port-wildcard — Specifies wildcard bits to be applied to the source port by placing 1s in bit positions to be ignored.
• flags list-of-flags — Specifies the list of TCP flags. If a flag is set, it is prefixed by "+". If a flag is not set, it is prefixed by "-". Available options are +urg, +ack, +psh, +rst, +syn, +fin, -urg, -ack, -psh, -rst, -syn and -fin. The flags are concatenated into one string. For example: +fin-ack.

Default Configuration
No IPv4 ACL is defined.

Command Mode
IP-Access List Configuration mode.

User Guidelines
• Use the ip access-list Global Configuration mode command to enable the IP-Access List Configuration mode.
• Before an Access Control Element (ACE) is added to an ACL, all packets are permitted. After an ACE is added, an implied deny-any-any condition exists at the end of the list and those packets that do not match the conditions defined in the permit statement are denied.

Example
The following example shows how to define a permit statement for an IP ACL.

Console(config)# ip access-list ip-acl1
Console(config-ip-al)# permit rsvp 192.1.1.1 0.0.0.0 any dscp 56

deny (IP)
The deny IP-Access List Configuration mode command denies traffic if the conditions defined in the deny statement match.

Syntax
• deny [disable-port] {any| protocol} {any|{source source-wildcard}} {any|{destination destination-wildcard}} [dscp number | ip-precedence number]
• deny-icmp [disable-port] {any|{source source-wildcard}} {any|{destination destination-wildcard}} {any|icmp-type} {any|icmp-code} [dscp number | ip-precedence number]
• deny-igmp [disable-port] {any|{source source-wildcard}} {any|{destination destination-wildcard}} {any|igmp-type} [dscp number | ip-precedence number]
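
The wildcard bits, the concatenated flag list and the implied deny-any-any condition described in the permit parameters and User Guidelines above can be checked with a small model. This is an added example, not code from the guide or the switch firmware; the function names, the dictionary layout and the sample ACL are constructed for illustration, first-match ordering of ACEs is an assumption, and protocol and DSCP matching are left out.

```python
import ipaddress
import re

def ip(text):
    return int(ipaddress.IPv4Address(text))

def wildcard_match(value, base, wildcard):
    # A 1 bit in the wildcard means "ignore this bit position".
    return (value ^ base) & ~wildcard == 0

def parse_flags(spec):
    # "+fin-ack" -> {"fin": True, "ack": False}; anything else in the string is an error.
    flags, pos = {}, 0
    for m in re.finditer(r"([+-])(urg|ack|psh|rst|syn|fin)", spec):
        if m.start() != pos:
            break
        flags[m.group(2)] = m.group(1) == "+"
        pos = m.end()
    if pos != len(spec):
        raise ValueError(f"bad flag list: {spec!r}")
    return flags

def ace_matches(ace, pkt):
    return (wildcard_match(pkt["src"], ace["src"], ace["src_wc"])
            and wildcard_match(pkt["dst"], ace["dst"], ace["dst_wc"])
            and all((name in pkt["flags"]) == want
                    for name, want in ace.get("flags", {}).items()))

def evaluate(acl, pkt):
    if not acl:
        return "permit"   # no ACE defined yet: all packets are permitted
    for ace in acl:       # assumption: ACEs are checked in order, first match wins
        if ace_matches(ace, pkt):
            return ace["action"]
    return "deny"         # implied deny-any-any at the end of the list

ANY = {"dst": ip("0.0.0.0"), "dst_wc": ip("255.255.255.255")}
# Constructed sample ACL; the first entry mirrors the guide's permit example
# (source 192.1.1.1 with wildcard 0.0.0.0, destination any).
ACL = [
    {"action": "permit", "src": ip("192.1.1.1"), "src_wc": ip("0.0.0.0"), **ANY},
    {"action": "permit", "src": ip("10.0.0.0"), "src_wc": ip("0.0.0.255"), **ANY,
     "flags": parse_flags("+syn-ack")},
]

def packet(src, dst, flags=()):
    return {"src": ip(src), "dst": ip(dst), "flags": set(flags)}
```

Once the first ACE exists, a packet from 192.1.1.2 is dropped even though no deny statement names it, which is the behaviour to verify after adding the first permit to a previously empty ACL.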