Cisco ASR 5000
ACL Configuration Mode Commands
Command Line Interface Reference, StarOS Release 18
deny/permit (any)
deny | permit
Specifies whether the rule is a block (deny) or an allow (permit) filter.
deny: Indicates the rule, when matched, drops the corresponding packets.
permit: Indicates the rule, when matched, allows the corresponding packets.
log
Default: Packets are not logged.
Indicates all packets which match the filter are to be logged.
Important: The logging option is not supported for ACLs applied on SPIO or local contexts.
any
Indicates all packets will match the filter regardless of source and/or destination.
Usage
Define a catch-all rule to place at the end of the list of rules.
Important: It is suggested that any rule added as a catch-all should also have the log option
specified. The logged packets may be used to determine if the current list of rules is adequate or needs modification to
ensure proper security. The maximum number of rules that can be configured per ACL varies depending on how the
ACL is to be used. For more information, refer to the Engineering Rules appendix in the System Administration Guide.
Example
The following commands define two rules with the second logging filtered packets:
permit any
deny log any
The following sets the insertion point before the first rule defined above:
before permit any
The following command sets the insertion point after the second rule defined above:
after deny log any
The following deletes the first rule defined above:
no permit any
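The Usage guidance above, as an added Python check that is not part of the Cisco reference: it audits an ordered rule list for a missing or unlogged catch-all, for rules placed after one, and for log used on SPIO or local-context ACLs. It assumes top-to-bottom, first-match evaluation and parses only the deny | permit [ log ] any form shown on this page; audit_acl, its finding codes and the sample rules are hypothetical names and constructed input.

```python
import re

# Only the rule form documented on this page is parsed: deny|permit [log] any
CATCH_ALL = re.compile(r"^(deny|permit)(\s+log)?\s+any$")

MESSAGES = {
    "NO_CATCH_ALL": "list has no catch-all rule",
    "NOT_LAST": "rule follows a catch-all and is assumed never to match",
    "NOT_LOGGED": "catch-all has no log option, so its matches leave no record",
    "LOG_UNSUPPORTED": "log is not supported for ACLs on SPIO or local contexts",
}

def audit_acl(rules, spio_or_local=False):
    """Return [(position, code)] for an ordered rule list; positions start at 1.

    Assumption: rules are evaluated top to bottom and the first match wins.
    """
    # Drop blank lines and collapse repeated whitespace before matching.
    rules = [" ".join(r.split()) for r in rules if r.strip()]
    findings, catch_all_pos = [], None
    for pos, rule in enumerate(rules, start=1):
        if catch_all_pos is not None:
            findings.append((pos, "NOT_LAST"))
            continue
        match = CATCH_ALL.match(rule)
        if match is None:
            continue  # any other rule form is treated as opaque
        catch_all_pos = pos
        logged = match.group(2) is not None
        if logged and spio_or_local:
            findings.append((pos, "LOG_UNSUPPORTED"))
        elif not logged and not spio_or_local:
            findings.append((pos, "NOT_LOGGED"))
    if catch_all_pos is None:
        # Reported at the position where a catch-all would be appended.
        findings.append((len(rules) + 1, "NO_CATCH_ALL"))
    return findings

# Constructed rule list; the <...> entries stand in for more specific rules.
SAMPLE = ["permit <specific rule A>", "deny any", "permit <specific rule B>"]

if __name__ == "__main__":
    for pos, code in audit_acl(SAMPLE):
        print(f"rule {pos}: {MESSAGES[code]}")
```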