Controlling TCP and UDP traffic flow

An ACE designed to permit or deny TCP or UDP traffic can optionally include port number criteria for either the source or destination, or both.


access-list <100-199> <deny|permit> <tcp|udp>
    <SA> [comparison-operator <tcp/udp-src-port>]
    <DA> [comparison-operator <tcp-dest-port>]
    <DA> [comparison-operator <udp-dest-port>]

These source-port and destination-port TCP/UDP criteria are identical to the criteria described for TCP/UDP use in named, extended ACLs.
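
The placement rule in the syntax above (an operator after <SA> tests the source port, an operator after <DA> tests the destination port), shown as an added Python example that is not part of the original documentation. The operator keywords (eq, neq, lt, gt, range), the address forms (any, host <ip>, <ip>/<prefix>) and the sample ACEs are assumptions; the page does not list them.

```python
import ipaddress
import operator

# Assumed operator keywords; the page says only "comparison-operator".
OPS = {"eq": operator.eq, "neq": operator.ne, "lt": operator.lt, "gt": operator.gt}

def _addr(tok):
    """Consume <SA> or <DA>: 'any', 'host <ip>' or '<ip>/<prefix>' (assumed forms)."""
    first = tok.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tok.pop(0) + "/32")
    return ipaddress.ip_network(first, strict=False)

def _port(tok):
    """Consume the optional '<operator> <port>' that follows an address."""
    if not tok or tok[0] not in (*OPS, "range"):
        return lambda port: True              # no criterion: every port matches
    op = tok.pop(0)
    if op == "range":
        lo, hi = int(tok.pop(0)), int(tok.pop(0))
        return lambda port: lo <= port <= hi
    value = int(tok.pop(0))
    return lambda port: OPS[op](port, value)

def parse_ace(line):
    """Parse 'access-list <100-199> <deny|permit> <tcp|udp> <SA> [op port] <DA> [op port]'."""
    tok = line.split()
    if (len(tok) < 6 or tok[0] != "access-list" or not 100 <= int(tok[1]) <= 199
            or tok[2] not in ("permit", "deny") or tok[3] not in ("tcp", "udp")):
        raise ValueError("not a numbered extended TCP/UDP ACE: " + line)
    rest = tok[4:]
    src, sport = _addr(rest), _port(rest)     # operator after <SA>: source port
    dst, dport = _addr(rest), _port(rest)     # operator after <DA>: destination port
    if rest:
        raise ValueError("trailing tokens: " + " ".join(rest))
    return tok[2], tok[3], src, sport, dst, dport

def first_match(aces, proto, sip, sp, dip, dp):
    """Return the action of the first ACE matching the packet, or None if none does."""
    for action, p, src, sport, dst, dport in map(parse_ace, aces):
        if (p == proto and ipaddress.ip_address(sip) in src and sport(sp)
                and ipaddress.ip_address(dip) in dst and dport(dp)):
            return action
    return None

# Constructed ACEs: the same "eq 443" placed after <SA> versus after <DA>.
SRC_443 = ["access-list 110 deny tcp 10.0.0.0/24 eq 443 any"]
DST_443 = ["access-list 110 deny tcp 10.0.0.0/24 any eq 443"]
```

A client packet from 10.0.0.5:51000 to port 443 matches only DST_443; SRC_443 matches only when 443 is the sending port, which is why an ACE meant to filter a service should be checked for which address the operator follows.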