Controlling TCP and UDP traffic flow

An ACE designed to permit or deny TCP or UDP traffic can optionally include port number criteria for either the source or destination, or both. Use of TCP criteria also allows the established option for controlling TCP connection traffic. For a summary of the extended ACL syntax options, see Including options for TCP and UDP traffic in extended ACLs.

Syntax


access-list <100 - 199> {<deny | permit>} {<tcp | udp>}

<SA> [comparison-operator <tcp/udp-src-port>]

<DA> [comparison-operator <tcp-dest-port>] [established]

<DA> [comparison-operator <udp-dest-port>]
This source-port and destination-port TCP/UDP criteria is identical to the criteria described for TCP/UDP use in named, extended ACLs. See Including options for TCP and UDP traffic in extended ACLs.