permit udp

To specify the UDP (User Datagram Protocol) packets to be forwarded based on the associated parameters, use the command permit udp in Extended ACL IP Configuration Mode.

permit

permit { udp }

{ {any } { | host } { <src-ip-address>} } { | <src-ip-address>} } { <src-mask>} }

{ [{gt } { <port-number (1-65535)> } { | lt } { <port-number (1-65535)> } { | eg } { <port-number (1-65535)> } { | range } { <port-number (1-65535)> } { <port-number (1-65535)>}] }

{ {any } { | host } { <dest-ip-address>} } { | <dest-ip-address>} } { <dest-mask>} }

{ [{gt } { <port-number (1-65535)> } { | lt } { <port-number (1-65535)> } { | eg } { <port-number (1-65535)> } { | range } { <port-number (1-65535)> } { <port-number (1-65535)>}] } { [{ack } { | rst}] }

{ [{tos } { {max-reliability } { | max-throughput } { | min-delay } { | normal } { |<value(0-7)>} } { | dscp <value (0-63)>}] } { {priority } { <value (1-255)>}] }

{ [svlan-id } { <vlan-id (1-4094)>] } { [svlan-priority } { <value (0-7)>] } { [cvlan-id } { <vlan-id (1-4094)>] } { [cvlan-priority } { <value (0-7)>] }

{ [{single-tag } { | double-tag}] }

{ [redirect } { {interface } { <iftype> } { <ifnum> } { | <iftype> } { <iface_list> } { [<iftype> } { <iface_list>] }

{ load-balance } { {src-ip } { | dst-ip } { | src-mac } { | dst-mac } { | vlanid } { | src-tcpport } { | dst-tcpport } { | src-udpport } { | dst-udpport}}] }

{ [sub-action } { {none } { | modify-vlan } { <short (1-4094)> } { | nested-vlan } { <short (1 -4094)>] }

Parameters

Parameter	Type	Description
`udp`		Enter to specify the UDP (User Datagram Protocol) to be forwarded based on the associated parameters.
`any`		Enter to specify that UDP packets can be forwarded from any source.
`host`		Enter to specify the host source IPv4 address to be used for forwarding the packets. Note: Both source and destination port cannot be configured. Only either source or the destination port range can be configured.
`<src-ip-address>`		Enter a value for the host source IPv4 address to be used for forwarding the packets.
`<src-mask>`		Enter to specify the address of the host that the packet is destined for and the network mask to use with the destination IP address.
`gt`		Enter to allow only the UDP control packets having the UDP source port numbers greater than the specified port number.
`<port-number (1-65535)>`		Enter a value for the port number. This value ranges from 1 to 65535.
`lt`		Enter to allow only the UDP control packets having the UDP source port numbers lesser than the specified port number.
`<port-number (1-65535)>`		Enter a value for the port number. This value ranges from 1 to 65535.
`eq`		Enter to allow only the UDP control packets having the specified UDP source port number.
`<port-number (1-65535)>`		Enter a value for the port number. This value ranges from 1 to 65535.
`range`		Enter to allow only the UDP control packets having the UDP source port numbers within the specified range.
`<port-number (1-65535)>`		Enter a value for the port number. This value ranges from 1 to 65535.
`any`		Enter to specify that UDP packets can be forwarded to any destination.
`host`		Enter to specify the host destination IPv4 address to be used for forwarding the packets. Note: Both source and destination port cannot be configured. Only either source or the destination port range can be configured.
`<dest-ip-address>`		Enter a value for the host destination IPv4 address to be used for forwarding the packets.
`<dest-mask>`		Enter to specify the address of the host that the packet is destined for and the network mask to use with the destination IP address.
`gt`		Enter to allow only the UDP control packets having the UDP destination port numbers greater than the specified port number.
`<port-number (1-65535)>`		Enter a value for the port number. This value ranges from 1 to 65535.
`lt`		Enter to allow only the UDP control packets having the UDP destination port numbers lesser than the specified port number.
`<port-number (1-65535)>`		Enter a value for the port number. This value ranges from 1 to 65535.
`eq`		Enter to allow only the UDP control packets having the specified UDP destination port number.
`<port-number (1-65535)>`		Enter a value for the port number. This value ranges from 1 to 65535.
`range`		Enter to allow only the UDP control packets having the UDP destination port numbers within the specified range.
`<port-number (1-65535)>`		Enter a value for the port number. This value ranges from 1 to 65535.
`tos`		Enter to allow the UDP packets based on the following type of service configuration.
`max-reliability`		Enter to allow the UDP packets having TOS field set as high reliability.
`max-throughput`		Enter to allow the UDP packets having TOS field set as high throughput.
`min-delay`		Enter to allow the UDP packets having TOS field set as low delay
`normal`		Enter to allow all UDP packets. Does not check for the TOS field in the packets.
`<value(0-7)>`		Enter to allow the protocol packets based on the TOS value set. This value ranges from 0 to 7. This value represents different combination of TOS. 0 - Allows all protocol packets. Does not check for the TOS field in the packets. 1 - Allows the protocol packets having TOS field set as high reliability. 2 - Allows the protocol packets having TOS field set as high throughput. 3 - Allows the protocol packets having TOS field set either as high reliability or high throughput. 4 - Allows the protocol packets having TOS field set as low delay. 5 - Allows the protocol packets having TOS field set either as low delay or high reliability. 6 - Allows the protocol packets having TOS field set either as low delay or high throughput. 7 - Allows the protocol packets having TOS field set either as low delay or high reliability or high throughput.
`dscp`		Enter to configure the Differentiated Services Code Point (DSCP) value to be checked against the packet
`<value((0-63)>`		Enter a DSCP value. This value provides the quality of service control. This value ranges from 0 to 63.
`priority`		Enter to configure the priority of the filter to decide which filter rule is applicable when the packet matches with more than one filter rules. Higher value of ‘filter priority’ implies a higher priority.
`<short (1-255)>`		Enter a priority value. This value ranges from 1 to 255.
`svlan-id`		Enter to configure Service VLAN value to match against incoming packets.
`<vlan-id (1-4094)>`		Enter a value for Service VLAN. This value ranges from 1 to 4094.
`svlan-priority`		Enter to specify the Service VLAN priority value to match against incoming packets.
`<value (0-7)>`		Enter a Service VLAN priority value. This value ranges from 0 to 7.
`cvlan-id`		Enter to configure Customer VLAN value to match against incoming packets.
`<vlan-id (1-4094)>`		Enter a value for Customer VLAN value to match against incoming packets.
`cvlan-priority`		Enter to configure Customer VLAN priority value to match against incoming packets.
`<value (0-7)>`		Enter a customer vlan ID value. This value ranges from 0 to 7.
`double-tag`		Enter to specify that the filter is to be applied on double VLAN tagged packets
`single-tag`		Enter to specify that the filter is to be applied on Single VLAN tagged packets
`redirect`		Enter to redirect the action to the destination interface or set of interfaces.
`<iftype>`		Enter destination interface type.The interface can be: fastethernet – Officially referred to as 100BASE-T standard. This is a version of LAN standard architecture that supports data transfer up to 100 Megabits per second. gigabitethernet – A version of LAN standard architecture that supports data transfer up to 1 Gigabit per second. extreme-ethernet – A version of Ethernet that supports data transfer up to 10 Gigabits per second. This Ethernet supports only full duplex links
`<ifnum>`		Enter to redirect the packets to the specified interface identifier. This is a unique value that represents the specific interface. This value is a combination of slot number and port number separated by a slash, for interface types Gigabitethernet, Fastethernet and Extreme-Ethernet.
`<iface_list>`		Enter to redirect the packets to the list of interfaces.
`load-balance`		Enter to specify the parameters based on which the traffic distribution needs to be done.
`src-ip`		Enter to specify that the traffic distribution is based on the source IP address.
`dst-ip`		Enter to specify that the traffic distribution is based on the destination IP address.
`src-mac`		Enter to specify that the traffic distribution is based on the source MAC address.
`dst-mac`		Enter to specify that the traffic distribution is based on the destination MAC address.
`vlanid`		Enter to specify that the traffic distribution is based on the VLAN ID to be filtered.
`src-tcpport`		Enter to specify that the traffic distribution is based on the source TCP port number.
`dst-tcpport`		Enter to specify that the traffic distribution is based on the destination TCP Port number.
`src-udpport`		Enter to specify that the traffic distribution is based on the source UDP port number
`dst-udpport`		Enter to specify that the traffic distribution is based on the destination UDP port number.
`sub-action`		Enter to configure the VLAN specific sub action to be performed on the packet.
`none`		Enter to specify that the actions related to the VLAN ID will not be considered.
`modify-vlan`		Enter to specify to modify the VLAN ID to which the packet gets classified. The packet could be an untagged or VLAN tagged packet.
`<short (1-4094)>`	Integer	Enter a value for the VLAN ID to which the packet gets classified. This value ranges from 1 to 4094.
`nested-vlan`		Enter to specify to add an outer VLAN tag to the packet with the specified VLAN ID (nested VLAN).
`<short (1-4094)>`	Integer	Enter a value for the outer VLAN tag to the packet with the specified VLAN ID. This value ranges from 1 to 4094.

Mode

Extended ACL IP Configuration Mode

Default

dscp - 1
priority - 1
svlan-id - 0
svlan-priority - 1
cvlan-id - 0
cvlan-priority - 1
single-tag | double-tag - Single tag

Examples

is5comm (config)# ip access-list extended 1001

is5comm (config-ext-nacl)# permit udp any any priority 1

iS5comm(config-ext-nacl)#