Cisco Cisco ASR 5000
ACL Configuration Mode Commands
▀ deny/permit (by host IP address)
▄ Command Line Interface Reference, StarOS Release 18
260
deny
: Indicates the rule, when matched, drops the corresponding packets.
permit
: Indicates the rule, when matched, allows the corresponding packets.
log
Default: Packets are not logged.
Indicates that all packets which match the filter are to be logged.
Indicates that all packets which match the filter are to be logged.
Important:
The logging option is not supported for ACLs applied on SPIO or local contexts.
source_host_address
The IP address of the source host to filter against expressed in IPv4 dotted-decimal notation.
Usage
Define a rule when a very specific remote host is to be blocked. In simplified networks where the access
controls need only block a few hosts, this command allows the rules to be very clear and concise.
controls need only block a few hosts, this command allows the rules to be very clear and concise.
Important:
The maximum number of rules that can be configured per ACL varies depending on how the ACL is
to be used. For more information, refer to the Engineering Rules appendix in the System Administration Guide.
Example
The following commands define two rules with the second logging filtered packets:
permit host 10.2.3.4
deny log host 10.2.3.5
The following sets the insertion point before the first rule defined above:
before permit host 10.2.3.4
The following command sets the insertion point after the second rule defined above:
after deny log host 10.2.3.5
The following deletes the first rule defined above:
no permit host 10.2.3.4