beautypg.com

Filter (access-list) commands, C-19, Table c-11, filter commands – Paradyne CSU User Manual

Page 401

background image

C. Router CLI Commands, Codes, and Designations

9128-A2-GB20-80

September 2002

C-19

Filter (access-list) Commands

Filter commands are used to create or delete Access Lists.

Table C-11. Filter Commands (1 of 4)

access-list

access-list-num [{

permit

|

deny

}

{ {

source-ip

[

source-wildcard ] |

any

|

host

source-host-ip } |

{

protocol { source-ip source-wildcard |

any

|

host

source-host-ip }

[

src-operator src-port [src-end-port ] ]

{

dest-ip dest-wildcard |

any

|

host

dest-host-i p}

[ [

icmp-msg-type [icmp-msg-code] ] |

[

dest-operator dest-port [dest-end-port ] ] ] }|

{

type-code [

range

end-type-code] } }

no

access-list

access-list-num [{

permit

|

deny

}

{ {

source-ip

[

source-wildcard] |

any

|

host

source-host-ip } |

{

protocol { source-ip source-wildcard

|

any

|

host

source-host-ip }

[

src-operator src-port [src-end-port] ]

{

dest-ip dest-wildcard |

any

|

host

dest-host-ip }

[ [

icmp-msg-type [icmp-msg-code] ] |

[

dest-operator dest-port [ dest-end-port ] ] ] } |

{

type-code [

range

end-type-code ] } }

Minimum Access Level: Administrator
Command Mode: config

Allows a user to create or delete a rule for an access list. Access lists default to an implicit
deny statement for everything. Access lists are terminated by an implicit deny.

access-list-num

– The access list number. Valid ranges for access lists are:

1– 99 – Standard IP access lists.

100 –199 – Extended IP access lists.

200 – 299 – Protocol type-code access lists.

permit – Specifies to permit access and forward packets matching the criteria.

deny – Specifies to deny access and discard packets matching the criteria.

For Standard IP Access Lists:

Example:

access-list 1 permit 10.1.1.1

source-ip

– The source IP Address to match.

source-wildcard – Specifies a 32-bit wildcard mask indicating the bit positions in the
source IP address to ignore during matches. This argument must be supplied when a
source-ip address is specified.

any – Specifies to match any source host. A source-ip of 0.0.0.0 and a source-wildcard

of

255.255.255.255 are specified.

host – Specify a single host source address to match.

source

-

host-ip

– The source host IP address to match.

(Continued on next page)

This manual is related to the following products:
See also other documents in the category Paradyne Hardware: