Chapter 6 CLI – Layer 3
P332G-ML User’s Guide 185
ip access-list Command
Use the ip access-list command to create a specific policy rule. An
access list contains several of these rules. Each rule pertains to the
source IP address, the destination IP address, the protocol, the
protocol ports (if relevant), and the ACK bit (if relevant).
The syntax for this command is:
[no] ip access-list <access-list-number> <access-list-index>
     <command> <protocol>
     {<source-ip> <source-wildcard> | any | host <source-ip>}
     [<operator> <port> [<port>]]
     {<destination-ip> <destination-wildcard> | any | host <destination-ip>}
     [<operator> <port> [<port>]]
     [established] [<precedence>]
Example:
Router-N>ip access-list 101 23 deny ip any 1.2.0.0 0.0.255.255
To delete a specific rule, use the no form of this command.
<access-list-number>    integer (100..149)
<access-list-index>     integer (1..9999)
<command>               permit | deny | deny-and-notify | fwd0-7
<protocol>              ip | tcp | udp | integer (1..255)
<source-ip>             ip network
<source-wildcard>       ip network wildcard
<operator>              eq | lt | gt | range
<port>                  integer (1..65535)
<destination-ip>        ip network
<destination-wildcard>  ip network wildcard
<precedence>            mandatory | optional
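
The syntax and value ranges above can be checked mechanically when auditing a saved configuration. The following Python validator is an added example, not part of the P332G-ML guide or the switch software; parse_rule and its helpers are hypothetical names, and reading fwd0-7 as the eight keywords fwd0 to fwd7 is an assumption.

```python
import ipaddress

# Assumption: "fwd0-7" in the parameter table means the keywords fwd0 .. fwd7.
COMMANDS = {"permit", "deny", "deny-and-notify"} | {f"fwd{i}" for i in range(8)}

def _int(tok, lo, hi, what):
    if not tok.isdigit() or not lo <= int(tok) <= hi:
        raise ValueError(f"{what} must be an integer {lo}..{hi}, got {tok!r}")
    return int(tok)

def _ip(tok):
    return str(ipaddress.IPv4Address(tok))  # raises ValueError on a bad address

def _endpoint(toks):
    """Consume {<ip> <wildcard> | any | host <ip>} [<operator> <port> [<port>]]."""
    head = toks.pop(0)
    if head == "any":
        addr = ("any",)
    else:  # "host <ip>" or "<ip> <wildcard>"
        addr = (head if head == "host" else _ip(head), _ip(toks.pop(0)))
    ports = None
    if toks and toks[0] in ("eq", "lt", "gt", "range"):
        ports = [toks.pop(0), _int(toks.pop(0), 1, 65535, "port")]
        if toks and toks[0].isdigit():  # optional second <port>
            ports.append(_int(toks.pop(0), 1, 65535, "port"))
    return addr, ports

def parse_rule(line):
    """Parse one rule-creating line (prompt stripped, not the 'no' form)."""
    toks = line.split()
    try:
        if [toks.pop(0), toks.pop(0)] != ["ip", "access-list"]:
            raise ValueError("not an ip access-list command")
        rule = {"list": _int(toks.pop(0), 100, 149, "access-list-number"),
                "index": _int(toks.pop(0), 1, 9999, "access-list-index"),
                "command": toks.pop(0), "protocol": toks.pop(0)}
        if rule["command"] not in COMMANDS:
            raise ValueError(f"unknown command {rule['command']!r}")
        if rule["protocol"] not in ("ip", "tcp", "udp"):
            _int(rule["protocol"], 1, 255, "protocol")
        rule["src"], rule["src_ports"] = _endpoint(toks)
        rule["dst"], rule["dst_ports"] = _endpoint(toks)
        rule["established"] = toks[:1] == ["established"] and bool(toks.pop(0))
        rule["precedence"] = toks.pop(0) if toks[:1] in (["mandatory"], ["optional"]) else None
        if toks:
            raise ValueError(f"unexpected trailing tokens: {toks}")
    except IndexError:
        raise ValueError("rule is truncated") from None
    return rule
```

Running parse_rule over each ip access-list line of a saved configuration rejects out-of-range list numbers, indexes, protocols and ports before the rules are loaded onto a device.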