Version 7.2 769 Mediant MSBR
Reference Guide 76 Security
76.5 Access Control List (ACL) Commands
The following describes ACL commands.
76.5.1 access-list
Access lists are used in several system components for classifying IP traffic based on
parameters such as addresses, protocols and ports. The primary usage of access lists is for
filtering unwanted traffic on the system's interfaces.
Access list processing is sequential; for each traffic flow, the list is scanned from the top until
a matching rule is found. When configuring an access list, rules should be entered in
appropriate order.
To attach an access list to an IP interface, see the "access-group" command
documentation.
To remove an access list, use the "no" format of the command.
Syntax
access-list <acl-id> {permit|deny} <protocol> <source-selector>
<dest-selector> <options> <options>
For compatibility purposes, access lists numbered 1-99 and 1300-1999 are defined as limited
("basic") access lists. These access lists cannot contain protocol and port definitions.
Command Description
acl-id
Defines the Access List name identifier for this
access list. It can be a number or a name.
permit|deny Defines the access to the packet:
permit - Allows access to packets that match the
criteria defined.
deny - Blocks access to packets that match the
source and destination IP addresses and service
protocol Defines a traffic protocol:
tcp
udp
icmp
igmp
esp
ah
gre
ip
ip protocol number [0 – 255]
source-selector
Defines the source address and destination address of packets sent
or received by the device.
To Next Page
Loading...
Need help?
General
