SROS Command Line Interface Reference Guide

Global Configuration Mode Command Set

 

 

ACL entries are evaluated in order from the top of the list down. Generally the most specific entries should be at the top and the most general at the bottom.

The following commands are contained in the access-list standard:

remark

Use the remark command to associate a descriptive tag (up to 80 alphanumeric characters encased in quotation marks) with the access list. Enter a functional description for the list such as “This list blocks all outbound web traffic”.

log

Use the log keyword to log a message when the access list finds a packet match (only if debug access-list is enabled for this access list).

permit or deny any

Use the any keyword to match any IP address received by the access list. For example, the following allows all packets through the configured access list:

(config)#ip access-list standard MatchAll

(config-std-nacl)#permit any

permit or deny host <ip address>

Use the host <A.B.C.D> keyword to specify a single host address. For example, the following allows all traffic from the host with an IP address of 196.173.22.253.

(config)#ip access-list standard MatchHost

(config-std-nacl)#permit 196.173.22.253

permit or deny <ip address> <wildcard>

Use the <A.B.C.D> <wildcard> format to match all IP addresses in a “range”. Wildcard masks use the reverse logic of a subnet mask: a one bit in the wildcard mask means “don’t care” for that bit position. For example, the following denies all traffic from the 192.168.0.0/24 network:

(config)#ip access-list standard MatchNetwork

(config-std-nacl)#deny 192.168.0.0 0.0.0.255
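The following Python sketch is an added example, not code from the guide or from SROS. It models the wildcard matching and top-down, first-match ordering described above, and flags entries that can never match because an earlier entry already covers them. The function names and the two sample lists are assumptions made for illustration, and a bare address with no wildcard is treated as a single host, as in the MatchHost example.

```python
import ipaddress

MASK32 = 0xFFFFFFFF

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def parse_entry(line):
    """Turn one standard-ACL entry into (action, address, wildcard) integers."""
    action, *rest = line.split()
    if rest[:1] == ["host"]:
        rest = rest[1:]
    if action not in ("permit", "deny") or len(rest) not in (1, 2):
        raise ValueError(f"not a permit/deny entry: {line!r}")
    if rest == ["any"]:
        return action, 0, MASK32          # every bit is "don't care"
    # A bare address with no wildcard is treated as a single host.
    wildcard = to_int(rest[1]) if len(rest) == 2 else 0
    return action, to_int(rest[0]), wildcard

def matches(entry, addr):
    _, base, wildcard = entry
    care = ~wildcard & MASK32             # 0 bits in the wildcard must match
    return (to_int(addr) & care) == (base & care)

def evaluate(acl, addr):
    """Top-down, first match wins. Returns (index, action) or None."""
    for index, entry in enumerate(acl):
        if matches(entry, addr):
            return index, entry[0]
    return None  # no entry matched; the page does not say what happens then

def shadowed(acl):
    """Indexes of entries that a single earlier entry already fully covers."""
    hidden = []
    for i, (_, base, wildcard) in enumerate(acl):
        for _, p_base, p_wildcard in acl[:i]:
            p_care = ~p_wildcard & MASK32
            # Covered when the earlier entry only checks bits this entry
            # also checks, and both agree on the value of those bits.
            if (p_care & wildcard) == 0 and (base & p_care) == (p_base & p_care):
                hidden.append(i)
                break
    return hidden

# Constructed sample lists built from the entries used on this page.
GENERAL_FIRST = [parse_entry(e) for e in ("permit any", "deny 192.168.0.0 0.0.0.255")]
SPECIFIC_FIRST = [parse_entry(e) for e in (
    "deny 192.168.0.0 0.0.0.255", "permit host 196.173.22.253", "permit any")]
```

With the general entry first, the deny for 192.168.0.0/24 is never reached; with the specific entries first, every entry can still match.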

5991-2114

© Copyright 2005 Hewlett-Packard Development Company, L.P.
