Cisco Cisco ASR 5000
ACL Configuration Mode Commands
deny/permit (by IP packets)
Command Line Interface Reference, StarOS Release 18
Important:
If the options specified do not exactly match an existing rule, the insertion point does not change.
no
Removes the rule which exactly matches the options specified.
deny | permit
Specifies whether the rule is a block (deny) or an allow (permit) filter.
deny: Indicates the rule, when matched, drops the corresponding packets.
permit: Indicates the rule, when matched, allows the corresponding packets.
log
Default: Packets are not logged.
Indicates all packets which match the filter are to be logged.
Important:
The logging option is not supported for ACLs applied on SPIO or local contexts.
source_address
The IP address(es) from which the packet originated.
This option is used to filter all packets from a specific IP address or a group of IP addresses.
When specifying a group of addresses, the initial address is configured using this option. The range can then
be configured using the source_wildcard parameter.
source_wildcard
This option is used in conjunction with the source_address option to specify a group of addresses for
which packets are to be filtered.
The mask must be entered as a complement:
Zero-bits in this parameter mean that the corresponding bits configured for the source_address parameter must be identical.
One-bits in this parameter mean that the corresponding bits configured for the source_address parameter must be ignored.
Important:
The mask must contain a contiguous set of one-bits from the least significant bit (LSB). Therefore,
allowed masks are 0, 1, 3, 7, 15, 31, 63, 127, and 255. For example, acceptable wildcards are 0.0.0.3, 0.0.0.255, and
0.0.15.255. A wildcard of 0.0.7.15 is not acceptable since the one-bits are not contiguous.
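The following added example (not StarOS code and not part of the Cisco reference) models the wildcard semantics described above, so a rule can be checked before it is entered: it rejects wildcards whose one-bits are not contiguous from the LSB and shows which source addresses a source_address/source_wildcard pair covers. The function names and the sample addresses are assumptions made for illustration.

```python
import ipaddress

MASK32 = 0xFFFFFFFF


def parse_wildcard(source_wildcard: str) -> int:
    """Return the wildcard as a 32-bit integer.

    Raises ValueError when the one-bits are not a contiguous run starting
    at the least significant bit, which the reference says is not allowed.
    """
    w = int(ipaddress.IPv4Address(source_wildcard))
    # A contiguous run of ones from the LSB has the form 2**k - 1,
    # so adding 1 clears every set bit and the AND is zero.
    if w & (w + 1):
        raise ValueError(f"non-contiguous wildcard: {source_wildcard}")
    return w


def covered_range(source_address: str, source_wildcard: str) -> tuple[str, str]:
    """Return the first and last source address the pair matches."""
    w = parse_wildcard(source_wildcard)
    base = int(ipaddress.IPv4Address(source_address))
    first = base & ~w & MASK32   # wildcard one-bits are ignored, so clear them
    last = first | w             # ...and set them for the upper bound
    return str(ipaddress.IPv4Address(first)), str(ipaddress.IPv4Address(last))


def rule_matches(source_address: str, source_wildcard: str, packet_source: str) -> bool:
    """True when packet_source agrees with source_address on every zero-bit."""
    w = parse_wildcard(source_wildcard)
    base = int(ipaddress.IPv4Address(source_address))
    pkt = int(ipaddress.IPv4Address(packet_source))
    return (base ^ pkt) & ~w & MASK32 == 0


if __name__ == "__main__":
    # Constructed sample values; the wildcards are the ones quoted in the text.
    for wc in ("0.0.0.3", "0.0.0.255", "0.0.15.255", "0.0.7.15"):
        try:
            print(wc, "->", covered_range("10.1.16.0", wc))
        except ValueError as err:
            print(wc, "-> rejected:", err)
    print(rule_matches("192.0.2.0", "0.0.0.255", "192.0.2.77"))  # inside the group
    print(rule_matches("192.0.2.0", "0.0.0.255", "192.0.3.1"))   # outside the group
```

Printing the covered range before applying a permit rule makes an over-broad wildcard visible, since every one-bit doubles the number of source addresses the rule admits.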
any
Specifies that the rule applies to all packets.
host
Specifies that the rule applies to a specific host as determined by its IP address.
source_host_address
The IP address of the source host to filter against expressed in IPv4 dotted-decimal notation.