HP 7000 dl Router manual Ip access-list extended listname

ip access-list extended <listname>

Use the ip access-list extended command to create an empty access list and enter the extended access-list. Use the no form of this command to delete an access list and all the entries contained in it.

The following lists the complete syntax for the ip access-list extended commands:

<action> <protocol> <source IP> <source port> <destination ip> <destination port>

Example:

Source IP Address

[permit deny] [ip tcp udp] [any host <A.B.C.D> <A.B.C.D> <W.W.W.W>] <source port>* [any host <A.B.C.D> <A.B.C.D> <W.W.W.W>] <destination port>*

Destination IP Address

[permit deny icmp [any host <A.B.C.D> <A.B.C.D> <W.W.W.W>]

[any host <A.B.C.D> <A.B.C.D> <W.W.W.W>] <icmp-type>* <icmp-code>* <icmp-message>*

Destination IP Address * = optional

Syntax Description

IP addresses can be expressed in one of three ways:

1.Using the keyword any to match any IP address. For example, entering deny any will effectively shut down the interface that uses the access list because all traffic will match the any keyword.

2.Using the host <A.B.C.D> to specify a single host address. For example, entering permit 196.173.22.253 will allow all traffic from the host with an IP address of 196.173.22.253.

3.Using the <A.B.C.D> <wildcard> format to match all IP addresses in a “range”. Wildcard masks work in reverse logic from subnet mask. Specifying a one in the wildcard mask equates to a “don’t care”. For example, entering deny 192.168.0.0 0.0.0.255 will deny all traffic from the 192.168.0.0/24 network.