Defaults All access lists contain an implicit “deny any”; that is, if no match occurs, the packet is dropped.
Command Modes CONFIGURATION
Command History
Version 8.3.11.1 Introduced on the Z9000.
Version 8.3.10.0 Introduced on the S4810.
Version 8.1.1.0 Introduced on the E-Series ExaScale.
Version 7.8.1.0 Increased the name string to accept up to 140 characters. Prior to 7.8.1.0, names were up to 16 characters long.
Version 7.6.1.0 Introduced on the S-Series.
Version 7.5.1.0 Introduced on the C-Series.
pre-Version 6.2.1.1 Introduced on the E-Series.
Usage Information
The number of entries allowed per ACL is hardware-dependent. For detailed specification on entries allowed per ACL, refer to your line card documentation.
Prior to 7.8.1.0, names are up to 16 characters long.
Example
FTOS(conf)#ip access-list extended TESTListEXTEND
FTOS(config-ext-nacl)#
Related Commands
ip access-list standard – configures a standard IP access list.
show config – displays the current configuration.
permit
Configure a filter to pass IP packets meeting the filter criteria.
C-Series, E-Series, S-Series, Z-Series, S4810
Syntax
permit {ip | ip-protocol-number} {source mask | any | host ip-address} {destination mask | any | host ip-address} [count [byte] | log] [dscp value] [order] [monitor] [fragments]
To remove this filter, you have two choices:
• Use the no seq sequence-number command if you know the filter’s sequence number.
• Use the no deny {ip | ip-protocol-number} {source mask | any | host ip-address} {destination mask | any | host ip-address} command.
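Added example (not part of the original command reference and not vendor code): a Python model of how a packet is checked against permit and deny filters written in the syntax above, ending in the implicit “deny any”. It assumes filters are tested in the order listed with the first match deciding, and that mask is an A.B.C.D network mask; the sample filters and addresses are constructed.

```python
import ipaddress

def _take_addr(tokens):
    """Consume one {addr mask | any | host ip-address} group; return (network, remaining tokens)."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    # Assumption: the mask is a contiguous A.B.C.D network mask.
    return ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}", strict=False), tokens[2:]

def parse_filter(line):
    """Parse 'permit|deny {ip | ip-protocol-number} <source> <destination> [options]'."""
    tokens = line.split()
    action, proto = tokens[0], tokens[1]
    if action not in ("permit", "deny"):
        raise ValueError(f"not a filter: {line!r}")
    proto_num = None if proto == "ip" else int(proto)  # None = all IP protocols
    if proto_num is not None and not 0 <= proto_num <= 255:
        raise ValueError(f"protocol number out of range: {proto}")
    src, rest = _take_addr(tokens[2:])
    dst, _options = _take_addr(rest)  # trailing count/log/... do not affect matching
    return action, proto_num, src, dst

def evaluate(acl, proto, src_ip, dst_ip):
    """Return (action, matching filter); the filter is None when the implicit deny applied."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for line in acl:
        action, proto_num, src_net, dst_net = parse_filter(line)
        if proto_num in (None, proto) and src in src_net and dst in dst_net:
            return action, line
    return "deny", None  # implicit "deny any": no filter matched

# Constructed sample filters (protocol 6 = TCP, 17 = UDP, 1 = ICMP).
ACL = [
    "permit 6 host 10.1.1.10 192.168.50.0 255.255.255.0 count",
    "deny ip 10.1.1.0 255.255.255.0 any log",
    "permit ip 10.1.0.0 255.255.0.0 any",
]

if __name__ == "__main__":
    for pkt in [(6, "10.1.1.10", "192.168.50.7"), (17, "10.1.1.10", "192.168.50.7"),
                (17, "10.1.2.5", "8.8.8.8"), (1, "172.16.0.1", "10.1.1.10")]:
        print(pkt, "->", evaluate(ACL, *pkt))
```

A result of ("deny", None) marks traffic dropped only by the implicit rule, which no explicit filter will count or log.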
Parameters
ip Enter the keyword ip to configure a generic IP access list. The keyword ip specifies that the access list will permit all IP protocols.
ip-protocol-number Enter a number from 0 to 255 to permit based on the protocol identified in the IP protocol header. The S4810 range is 0 to 128.