Which command option in an extended ACL matches a specific port?

The command option that matches a specific port in an extended Access Control List (ACL) is represented by "eq port-num." This command allows you to specify a precise port number to filter traffic based on that particular protocol port.

In the context of extended ACLs, this capability is crucial as it enables network administrators to finely tune access control by permitting or denying traffic based on both the IP addresses and the transport layer ports (such as TCP or UDP). For instance, if you want to allow HTTP traffic, you would use "eq 80" to match specifically the HTTP port.

The other options serve different purposes and may not be correct for this context. The "eq any" command would broadly match all ports, which is not specific enough for refining traffic control. The "range port-num" option is used when you want to specify a range of ports rather than a single port, which does not meet the criteria of matching exactly one specific port. The "neg port-num" option does not exist in the context of ACLs, as negation in ACL typically works with addresses and not directly on ports.

Thus, the use of "eq port-num" empowers administrators to implement precise policies by matching specific ports that allow or deny particular types