Enterasys Networks N Standalone (NSA) Series Switch User Manual


Security Configuration Command Set
Configuring Access Lists
Matrix NSA Series Configuration Guide 14-165
Syntax Description

access-list-number
    Specifies an extended access list number. Valid values are from 100 to 199.

insert | replace entry
    (Optional) Inserts this new entry before a specified entry in an
    existing ACL, or replaces a specified entry with this new entry.

log 1-5000 | all
    Enables syslog for ACL entry hits. Syslog can be enabled for sequential
    numbers of ACL entries or for all ACL entries.

move destination source1 source2
    (Optional) Moves a sequence of access list entries before another entry.
    Destination is the number of the existing entry before which this new
    entry will be moved. Source1 is a single entry number or the first entry
    number in the range to be moved. Source2 (optional) is the last entry
    number in the range to be moved. If not specified, only the source1
    entry will be moved.

deny | permit
    Denies or permits access if specified conditions are met.

protocol
    Specifies an IP protocol for which to deny or permit access. Valid
    values and their corresponding protocols are:
      0 – 255 - Any IP protocol number, as listed in
                http://www.iana.org/assignments/protocol-numbers
      ip      - Any Internet protocol
      icmp    - Internet Control Message Protocol
      udp     - User Datagram Protocol
      tcp     - Transmission Control Protocol
      ah      - Authentication Header Protocol
      esp     - Encapsulating Security Payload
      gre     - Generic Routing Encapsulation Protocol

source
    Specifies the network or host from which the packet will be sent. Valid
    options for expressing source are:
      IP address or range of addresses (A.B.C.D)
      any         - Any source host
      host source - IP address of a single source host

source-wildcard
    (Optional) Specifies the bits to ignore in the source address.
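
The source, source-wildcard and move parameters described above, modelled in Python as an added example (not code from the Enterasys manual or firmware). The function names are hypothetical; 1-based entry numbers, an exact match when no wildcard is given, and rejecting a destination inside the moved range are assumptions of this model.

```python
import ipaddress

def _ip(text):
    """Dotted-quad string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(text))

def source_matches(packet_src, source, wildcard=None):
    """True if packet_src satisfies an entry's source field.

    source is 'any', 'host A.B.C.D', or 'A.B.C.D' with an optional wildcard.
    Bits set to 1 in the wildcard are ignored in the comparison.
    """
    if source == "any":
        return True
    if source.startswith("host "):
        source, wildcard = source[5:].strip(), "0.0.0.0"
    # Assumption: a missing wildcard means every bit must match.
    care = ~_ip(wildcard or "0.0.0.0") & 0xFFFFFFFF
    return (_ip(packet_src) & care) == (_ip(source) & care)

def move_entries(acl, destination, source1, source2=None):
    """Return a copy of acl with entries source1..source2 moved before destination.

    Entry numbers are 1-based and inclusive (assumption of this model).
    """
    source2 = source1 if source2 is None else source2
    if not (1 <= source1 <= source2 <= len(acl) and 1 <= destination <= len(acl)):
        raise ValueError("entry number out of range")
    if source1 <= destination <= source2:
        raise ValueError("destination lies inside the moved range")
    block = acl[source1 - 1:source2]
    rest = acl[:source1 - 1] + acl[source2:]
    # Index of the destination entry once the moved block has been taken out.
    at = destination - 1 if destination < source1 else destination - 1 - len(block)
    return rest[:at] + block + rest[at:]

if __name__ == "__main__":
    # Constructed sample addresses, not taken from the manual.
    print(source_matches("10.1.2.77", "10.1.2.0", "0.0.0.255"))      # wildcard: last octet ignored
    # A subnet mask typed where a wildcard belongs ignores the wrong bits:
    print(source_matches("10.1.2.77", "10.1.2.0", "255.255.255.0"))    # intended host no longer matches
    print(source_matches("192.168.9.0", "10.1.2.0", "255.255.255.0"))  # unrelated address matches
    print(move_entries(["e1", "e2", "e3", "e4", "e5"], 1, 4, 5))
```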