BSR 2000 Command Reference Guide

Release 1.0

 

 

access-list (extended)

The extended access-listcommand defines an extended access list to configure and control the flow of routing information and traffic by matching a packet with a permit or deny result. The no access-listcommand deletes the access-list.

Use the access-listcommand to restrict routing update information; control the transmission of packets on an interface, or control virtual terminal line access.

Group Access

ISP

Command Mode

Global Configuration

Command Line Usage

To configure an extended access list for AHP, ESP, GRE, IP, IPINIP, OSPF, PCP, and PIM, use the following command:

access-list <100-199><2000-2699> {deny permit} {<0-255> ahp esp gre ip ipinip ospf pcp pim} {<A.B.C.D> <A.B.C.D> any host <A.B.C.D>} (<A.B.C.D> <A.B.C.D> any host <A.B.C.D>} [diff-serv <0-63>]

To configure an extended access list for ICMP, use the following command:

access-list <100-199><2000-2699> {deny permit} icmp {<A.B.C.D> <A.B.C.D> any host <A.B.C.D>} (<A.B.C.D> <A.B.C.D> any host <A.B.C.D>} [<0-255> administratively-prohibited alternate-address dod-host-prohibited dod-net-prohibited echo echo-reply general-parameter-problem host-isolated host-precedence-unreachable host-redirect host-tos-redirect host-tos-unreachable host-unknown host-unreachable information-reply information-request mask-reply mask-request net-redirect net-tos-redirect net-tos-unreachable net-unreachable network-unknown no-room-for-option option-missing packet-too-big parameter-problem port-unreachable precedence-unreachable protocol-unreachable reassembly-timeout redirect router-advertisement router-solicitation source-quench source-route-failed time-exceeded timestamp-reply timestamp-request ttl-exceeded unreachable]

5-4

MGBI

526363-001-00 Rev. B

Page 390
Image 390
Motorola BSR 2000 manual Access-list extended