Enterasys Networks N Standalone (NSA) Series Switch User Manual


Security Configuration Command Set
Configuring Access Lists
14-164 Matrix NSA Series Configuration Guide
14.3.12.3 access-list (extended)
Use this command to define an extended IP access list by number when operating in router mode.
Restrictions defined by an access list are applied by using the ip access-group command as
described in Section 14.3.12.4.
access-list access-list-number [insert | replace entry] | [log 1-5000 | all] [move
destination source1 [source2]] {deny | permit} protocol source [source-wildcard]
[operator [port]] destination [destination-wildcard] [operator [port]]
[tos-extensions] [icmp-type [icmp-code]] [established] [log]
To insert or replace an ACL entry:
access-list access-list-number insert | replace entry
To move entries within an ACL:
access-list access-list-number move destination source1 [source2]
To log entries within an ACL:
access-list access-list-number log 1-5000 | all
To apply ACL restrictions to IP, UDP, TCP or ICMP packets:
access-list access-list-number {deny | permit} protocol source [source-wildcard]
[operator [port]] destination [destination-wildcard] [operator [port]]
[tos-extensions] [icmp-type [icmp-code]] [established] [log]
* Advanced License Required *
Configuring extended access control lists (ACLs) is an advanced routing feature that must be
enabled with a license key. If you have purchased an advanced routing license and have enabled
routing on the device, you must activate your license as described in Section 13.2.1 in order to
enable the extended access list command set. If you wish to purchase an advanced routing
license, contact Enterasys Networks Sales.
NOTE: Valid access-list-numbers for extended ACLs are 100 to 199. For standard
ACLs, valid values are 1 to 99.