C613-50631-01 Rev A Command Reference for IE340 Series 2013
AlliedWare Plus™ Operating System - Version 5.5.3-0.x
IPV4 SOFTWARE ACCESS CONTROL LIST (ACL) COMMANDS
ACCESS-LIST (EXTENDED NUMBERED)
access-list (extended numbered)
Overview This command configures an extended numbered access-list that permits or
denies packets from specific source and destination IP addresses. You can:
• use this command to enter a new or existing ACL number and enter the IPv4
Extended ACL Configuration mode. Once in that mode, you can create an
ACL filter entry. This approach lets you give the entry a sequence number.
• or, use this command to create an ACL and an ACL filter entry at the same
time. With this approach, you cannot give the entry a sequence number, so
the entry will go after any existing entries.
The no variant of this command removes a specified extended named access-list.
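How an entry's address forms (any, host <ip-addr>, and <ip-addr> <reverse-mask>) select packets, as an added Python example that is not part of the Allied Telesis documentation. It assumes entries are checked in list order and the first match decides; the sample entries and addresses are constructed, and the function names are hypothetical.

```python
import ipaddress

def parse_spec(tokens):
    """Consume one <source>/<destination> spec; return ((addr, care_mask), rest)."""
    if tokens[0] == "any":
        return (0, 0), tokens[1:]                      # no bits have to match
    if tokens[0] == "host":
        return (int(ipaddress.IPv4Address(tokens[1])), 0xFFFFFFFF), tokens[2:]
    addr = int(ipaddress.IPv4Address(tokens[0]))
    reverse = int(ipaddress.IPv4Address(tokens[1]))
    # Reverse-mask bits set to 1 are ignored, so invert to get the bits that must match.
    return (addr, ~reverse & 0xFFFFFFFF), tokens[2:]

def parse_entry(line):
    """Parse 'access-list <n> {deny|permit} ip <source> <destination>'."""
    tok = line.split()
    if (len(tok) < 6 or tok[0] != "access-list" or tok[3] != "ip"
            or tok[2] not in ("deny", "permit")):
        raise ValueError(f"not an extended numbered ACL entry: {line!r}")
    number = int(tok[1])
    if not (100 <= number <= 199 or 2000 <= number <= 2699):
        raise ValueError(f"ACL number out of range: {number}")
    src, rest = parse_spec(tok[4:])
    dst, rest = parse_spec(rest)
    if rest:
        raise ValueError(f"unexpected trailing tokens: {rest}")
    return number, tok[2], src, dst

def spec_matches(spec, ip):
    addr, care = spec
    return (int(ipaddress.IPv4Address(ip)) & care) == (addr & care)

def evaluate(entries, src_ip, dst_ip):
    """Action of the first matching entry (assumed first-match order), else None."""
    for _, action, src, dst in entries:
        if spec_matches(src, src_ip) and spec_matches(dst, dst_ip):
            return action
    return None  # what the device does with unmatched packets is not modelled here

# Constructed sample entries, listed in the order they would be appended.
ACL = [parse_entry(line) for line in (
    "access-list 101 deny ip host 192.168.1.77 any",
    "access-list 101 permit ip 192.168.1.1 0.0.0.255 10.0.0.0 0.255.255.255",
)]

if __name__ == "__main__":
    for src in ("192.168.1.77", "192.168.1.200", "192.168.2.5"):
        print(src, "->", evaluate(ACL, src, "10.1.2.3"))
```

Because a broad permit only applies to packets that no earlier entry matched, the host-specific deny has to be created first when entries are appended without sequence numbers.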
Syntax [to enter the sub-mode]
access-list {<100-199>|<2000-2699>}
no access-list {<100-199>|<2000-2699>}
Syntax [to create an ACL entry]
access-list {<100-199>|<2000-2699>} {deny|permit} ip <source> <destination>
no access-list {<100-199>|<2000-2699>} {deny|permit} ip <source> <destination>
Parameter       Description
<100-199>       IP extended access-list.
<2000-2699>     IP extended access-list (expanded range).
deny            Access-list rejects packets that match the source and destination filtering specified with this command.
permit          Access-list permits packets that match the source and destination filtering specified with this command.
<source>        The source address of the packets. You can specify a single host, a subnet, or all sources. The following are the valid formats for specifying the source:
                any                        Matches any source IP address.
                host <ip-addr>             Matches a single source host with the IP address given by <ip-addr> in dotted decimal notation.
                <ip-addr> <reverse-mask>   An IPv4 address, followed by a reverse mask in dotted decimal format. For example, entering 192.168.1.1 0.0.0.255 is the same as entering 192.168.1.1/24. This matches any source IP address within the specified subnet.
<destination>   The destination address of the packets. You can specify a single host, a subnet, or all destinations. The following are the valid formats for specifying the destination: