Testing for Ports and Services

The ability to filter on protocol and port number allows network administrators to build very specific extended ACLs. An application can be specified by configuring either the port number or the name of a well-known port.

Figure 1 shows some examples of how an administrator specifies a TCP or UDP port number by placing it at the end of the extended ACL statement. Logical operations can be used, such as equal (eq), not equal (neq), greater than (gt), and less than (lt).

Figure 2 shows how to display the list of port numbers and keywords that can be used when building an ACL, by entering ? in place of the port in the command:

R1(config)# access-list 101 permit tcp any any eq ?
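
Added example (not part of the original page or of any Cisco tool): a small Python model of how the eq, neq, gt and lt operators and the port keywords decide whether a statement matches a packet's destination port. It assumes statements of the simplified form `access-list N permit|deny tcp|udp any any OP PORT`, a small subset of the keyword list, a constructed ACL 101, and the hypothetical function names `parse_ace` and `evaluate`; it applies first-match evaluation with the implicit deny at the end of the list.

```python
import operator

# Subset of IOS port keywords per protocol (assumption: the full list is
# what "eq ?" prints on the router; only a few names are modelled here).
KEYWORDS = {
    "tcp": {"ftp-data": 20, "ftp": 21, "telnet": 23, "smtp": 25, "domain": 53, "www": 80},
    "udp": {"domain": 53, "tftp": 69, "ntp": 123, "snmp": 161},
}
# The four operators named in the text, applied to the packet's destination port.
OPS = {"eq": operator.eq, "neq": operator.ne, "gt": operator.gt, "lt": operator.lt}

def parse_ace(line):
    """Parse 'access-list N permit|deny tcp|udp any any OP PORT' (simplified form)."""
    tok = line.split()
    if len(tok) != 8 or tok[0] != "access-list" or tok[4:6] != ["any", "any"]:
        raise ValueError("unsupported statement: " + line)
    action, proto, op, port = tok[2], tok[3], tok[6], tok[7]
    if action not in ("permit", "deny") or proto not in KEYWORDS or op not in OPS:
        raise ValueError("unsupported statement: " + line)
    if port.isdigit():
        number = int(port)
    elif port in KEYWORDS[proto]:
        number = KEYWORDS[proto][port]  # keyword and number are interchangeable
    else:
        raise ValueError("unknown %s port keyword: %s" % (proto, port))
    if not 0 <= number <= 65535:
        raise ValueError("port out of range: " + port)
    return action, proto, OPS[op], number

def evaluate(acl, proto, dst_port):
    """Return the action of the first matching statement, else the implicit deny."""
    for line in acl:
        action, ace_proto, compare, port = parse_ace(line)
        if ace_proto == proto and compare(dst_port, port):
            return action
    return "deny"

# Constructed sample ACL, not taken from the page's figures.
ACL_101 = [
    "access-list 101 deny tcp any any eq telnet",
    "access-list 101 permit tcp any any lt 1024",
    "access-list 101 permit tcp any any gt 49151",
    "access-list 101 permit udp any any neq tftp",
]

if __name__ == "__main__":
    for proto, port in [("tcp", 23), ("tcp", 80), ("tcp", 8080), ("udp", 69), ("udp", 53)]:
        print(proto, port, evaluate(ACL_101, proto, port))
```

Statement order matters in this model: Telnet is below 1024, so it is denied only because the `eq telnet` line comes before the `lt 1024` permit.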