SROS Command Line Interface Reference Guide

Global Configuration Mode Command Set

ip access-list standard <listname>

Use the ip access-list standard command to create an empty access list and enter standard access-list configuration mode, where the permit and deny entries for that list are defined. Use the no form of this command to delete an access list and all the entries contained in it.

The following lists the complete syntax for the ip access-list standard commands:

ip access-list standard <listname>
[permit | deny] any
[permit | deny] host <ip address>
[permit | deny] <ip address> <wildcard>

Syntax Description

<listname>

Alphanumeric descriptor for identifying the configured access list (all access list descriptors are case-sensitive).

<action>

Permit or deny entry to the routing system for specified packets.

<source ip>

Specifies the source IP address used for packet matching.

IP addresses can be expressed in one of three ways:

1. Using the keyword any to match any IP address. For example, entering deny any will effectively shut down the interface that uses the access list, because all traffic matches the any keyword.

2. Using host <A.B.C.D> to specify a single host address. For example, entering permit host 196.173.22.253 will allow all traffic from the host with IP address 196.173.22.253.

3. Using the <A.B.C.D> <wildcard> format to match all IP addresses in a range. Wildcard masks use the reverse logic of a subnet mask: a one bit in the wildcard mask marks that bit of the address as “don’t care”, and a zero bit must match exactly. For example, entering deny 192.168.0.0 0.0.0.255 will deny all traffic from the 192.168.0.0/24 network.

Default Values

By default, all Secure Router OS security features are disabled and there are no configured access lists.

Command Modes

(config)#

Global Configuration Mode

Functional Notes

Access control lists are used as packet selectors by access policies (ACPs); by themselves they do nothing. ACLs are composed of an ordered list of entries, evaluated from the top down, with an implicit deny all at the end of each list. An ACL entry contains two parts: an action (permit or deny) and a packet pattern. A permit ACL entry allows packets meeting the specified pattern to enter the router system. A deny ACL entry advances the Secure Router OS to the next access policy entry. The Secure Router OS provides two types of ACLs: standard and extended. Standard ACLs allow source IP address packet patterns only. Extended ACLs may specify patterns using most fields in the IP header and the TCP or UDP header.
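The matching rules described above (the three entry forms, wildcard bits as "don't care", ordered evaluation with an implicit deny all) modelled in Python as an added example. This is not SROS code; the list name MGMT-SOURCES and its entries are constructed for illustration. The model assumes that the first matching entry decides, and it treats the wildcard purely bitwise, which also admits non-contiguous masks that the page does not discuss.

```python
"""Model of SROS standard access-list matching (added example, not SROS code).

Assumptions not stated on the page: entries are evaluated in order, the
first matching entry decides, and the wildcard is applied bitwise, so
non-contiguous masks such as 0.0.255.0 behave like any other mask.
"""
from dataclasses import dataclass
from typing import List


def ip_to_int(addr: str) -> int:
    """Convert a dotted-quad 'A.B.C.D' string to a 32-bit integer."""
    octets = addr.split(".")
    if len(octets) != 4 or not all(o.isdigit() and 0 <= int(o) <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {addr!r}")
    value = 0
    for o in octets:
        value = (value << 8) | int(o)
    return value


@dataclass(frozen=True)
class Entry:
    action: str    # "permit" or "deny"
    address: int   # 32-bit source address pattern
    wildcard: int  # 1 bits are "don't care"; 0 bits must match exactly

    def matches(self, src: int) -> bool:
        # Clear every don't-care bit on both sides, then compare what remains.
        keep = ~self.wildcard & 0xFFFFFFFF
        return (src & keep) == (self.address & keep)


def parse_entry(line: str) -> Entry:
    """Parse one entry in any of the three forms given in the syntax:
       [permit|deny] any
       [permit|deny] host <A.B.C.D>
       [permit|deny] <A.B.C.D> <wildcard>
    """
    tokens = line.split()
    if len(tokens) < 2 or tokens[0] not in ("permit", "deny"):
        raise ValueError(f"bad entry: {line!r}")
    action, rest = tokens[0], tokens[1:]
    if rest == ["any"]:
        return Entry(action, 0, 0xFFFFFFFF)           # every bit is don't-care
    if len(rest) == 2 and rest[0] == "host":
        return Entry(action, ip_to_int(rest[1]), 0)   # every bit must match
    if len(rest) == 2:
        return Entry(action, ip_to_int(rest[0]), ip_to_int(rest[1]))
    raise ValueError(f"bad entry: {line!r}")


def parse_acl(config: str) -> List[Entry]:
    """Parse the entry lines that follow 'ip access-list standard <name>'."""
    entries = []
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("ip access-list standard"):
            continue
        entries.append(parse_entry(line))
    return entries


def evaluate(entries: List[Entry], src_addr: str) -> str:
    """Return 'permit' or 'deny' for a packet with the given source address.

    Entries are checked in order and the first match decides.  A packet
    that matches no entry falls through to the implicit deny all at the
    end of every list.
    """
    src = ip_to_int(src_addr)
    for entry in entries:
        if entry.matches(src):
            return entry.action
    return "deny"


# Constructed sample list for illustration; not a configuration from the manual.
SAMPLE_ACL = """
ip access-list standard MGMT-SOURCES
  deny   host 192.168.0.13
  permit 192.168.0.0 0.0.0.255
  permit 10.0.0.0 0.255.255.255
"""

ENTRIES = parse_acl(SAMPLE_ACL)

if __name__ == "__main__":
    for probe in ("192.168.0.13", "192.168.0.77", "10.200.3.4", "172.16.0.1"):
        print(f"{probe:>14} -> {evaluate(ENTRIES, probe)}")
```

Note that ordering is what makes the host-specific deny effective: if the deny host 192.168.0.13 entry were placed after the permit 192.168.0.0 0.0.0.255 entry, the /24 entry would match first and the host would be permitted.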

5991-2114

© Copyright 2005 Hewlett-Packard Development Company, L.P.
