ACL Commands

Default Configuration
No IPv4 ACL is defined.

Command Mode
IP-Access List Configuration mode.

User Guidelines
• Use the ip access-list Global Configuration mode command to enable the IP-Access List Configuration mode.
• Before an Access Control Element (ACE) is added to an ACL, all packets are permitted. After an ACE is added, an implied deny-any-any condition exists at the end of the list and those packets that do not match the conditions defined in the permit statement are denied.

Example
The following example shows how to define a permit statement for an IP ACL.

Console(config)# ip access-list ip-acl1
Console(config-ip-al)# permit rsvp 192.1.1.1 0.0.0.0 any dscp 56

deny (IP)
The deny IP-Access List Configuration mode command denies traffic if the conditions defined in the deny statement match.

Syntax
• deny [disable-port] {any|protocol} {any|{source source-wildcard}} {any|{destination destination-wildcard}} [dscp number | ip-precedence number]
• deny-icmp [disable-port] {any|{source source-wildcard}} {any|{destination destination-wildcard}} {any|icmp-type} {any|icmp-code} [dscp number | ip-precedence number]
• deny-igmp [disable-port] {any|{source source-wildcard}} {any|{destination destination-wildcard}} {any|igmp-type} [dscp number | ip-precedence number]
• deny-tcp [disable-port] {any|{source source-wildcard}} {any|source-port} {any|{destination destination-wildcard}} {any|destination-port} [dscp number | ip-precedence number] [flags list-of-flags] [src-port-wildcard source-port-wildcard] [dst-port-wildcard source-port-wildcard]
• deny-udp [disable-port] {any|{source source-wildcard}} {any|source-port} {any|{destination destination-wildcard}} {any|destination-port} [dscp number | ip-precedence number] [src-port-wildcard source-port-wildcard] [dst-port-wildcard source-port-wildcard]

5400_CLI.book Page 78 Wednesday, December 17, 2008 4:33 PM
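The User Guidelines above describe two behaviors that are easy to get wrong when writing deny statements: an ACL with no ACE permits everything, and an ACL with at least one ACE ends in an implied deny-any-any. The following Python model is an added illustration, not code from this manual or from the switch firmware. It assumes that ACEs are checked in order with the first match deciding, and that a 1 bit in a wildcard means the corresponding address bit is ignored; the Ace class, the evaluate function and the deny_only ACL are hypothetical names and constructed data.

```python
# Added illustration (not from the manual): a small model of IPv4 ACL evaluation.
# Assumptions: ACEs are checked in order and the first match decides; a 1 bit in
# a wildcard means "ignore this address bit" (so 0.0.0.0 matches a single host).
import ipaddress
from dataclasses import dataclass

ANY = ("0.0.0.0", "255.255.255.255")  # address/wildcard pair equivalent to "any"


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """True if addr equals base on every bit where the wildcard bit is 0."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)


@dataclass(frozen=True)
class Ace:
    action: str      # "permit" or "deny"
    protocol: str    # protocol name, or "any"
    src: tuple = ANY
    dst: tuple = ANY

    def matches(self, protocol: str, src: str, dst: str) -> bool:
        return (self.protocol in ("any", protocol)
                and wildcard_match(src, *self.src)
                and wildcard_match(dst, *self.dst))


def evaluate(acl: list, protocol: str, src: str, dst: str) -> str:
    """Return "permit" or "deny" for one packet."""
    if not acl:
        return "permit"      # no ACE yet: all packets are permitted
    for ace in acl:
        if ace.matches(protocol, src, dst):
            return ace.action
    return "deny"            # implied deny-any-any at the end of the list


# The manual's example ACE: permit rsvp 192.1.1.1 0.0.0.0 any
ip_acl1 = [Ace("permit", "rsvp", ("192.1.1.1", "0.0.0.0"))]

# Constructed ACLs: a lone deny ACE blocks every packet, not only the named
# subnet, because of the implied deny; a trailing permit restores other traffic.
deny_only = [Ace("deny", "any", ("10.0.0.0", "0.0.0.255"))]
deny_then_permit = deny_only + [Ace("permit", "any")]
```

In this model, an ACL that contains only deny statements denies all traffic once it is bound, so a deny list intended to block one subnet needs an explicit permit as its last ACE.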