Paradyne CSU Manuale Utente
C. Router CLI Commands, Codes, and Designations
9128-A2-GB20-80
September 2002
C-19
Filter (access-list) Commands
Filter commands are used to create or delete Access Lists.
Table C-11. Filter Commands (1 of 4)
access-list
access-list-num
[{
permit
|
deny
}
{ {
source-ip
[
source-wildcard
] |
any
|
host
source-host-ip
} |
{
protocol
{
source-ip
source-wildcard
|
any
|
host
source-host-ip
}
[
src-operator
src-port
[
src-end-port
] ]
{
dest-ip
dest-wildcard
|
any
|
host
dest-host-i p
}
[ [
icmp-msg-type
[
icmp-msg-code
] ] |
[
dest-operator
dest-port
[
dest-end-port
] ] ] }|
{
type-code
[
range
end-type-code
] } }
no
access-list
access-list-num
[{
permit
|
deny
}
{ {
source-ip
[
source-wildcard
] |
any
|
host
source-host-ip
} |
{
protocol
{
source-ip
source-wildcard
|
any
|
host
source-host-ip
}
[
src-operator
src-port
[
src-end-port
] ]
{
dest-ip
dest-wildcard
|
any
|
host
dest-host-ip
}
[ [
icmp-msg-type
[
icmp-msg-code
] ] |
[
dest-operator
dest-port
[
dest-end-port
] ] ] } |
{
type-code
[
range
end-type-code
] } }
Minimum Access Level: Administrator
Command Mode: config
Command Mode: config
Allows a user to create or delete a rule for an access list. Access lists default to an implicit
deny statement for everything. Access lists are terminated by an implicit deny.
deny statement for everything. Access lists are terminated by an implicit deny.
access-list-num – The access list number. Valid ranges for access lists are:
1– 99 – Standard IP access lists.
100 –199 – Extended IP access lists.
200 – 299 – Protocol type-code access lists.
permit – Specifies to permit access and forward packets matching the criteria.
deny – Specifies to deny access and discard packets matching the criteria.
For Standard IP Access Lists:
Example:
access-list 1 permit 10.1.1.1
source-ip – The source IP Address to match.
source-wildcard – Specifies a 32-bit wildcard mask indicating the bit positions in the
source IP address to ignore during matches. This argument must be supplied when a
source-ip address is specified.
source IP address to ignore during matches. This argument must be supplied when a
source-ip address is specified.
any – Specifies to match any source host. A source-ip of 0.0.0.0 and a source-wildcard of
255.255.255.255 are specified.
255.255.255.255 are specified.
host – Specify a single host source address to match.
source-host-ip – The source host IP address to match.
(Continued on next page)