Enterasys Networks X-Pedition XSR CLI User Manual
Page 628
General Security Commands
16-84 Configuring Security
access-list (extended)
This command defines an extended IP Access List (ACL) by number, ranging from 100 to 199. You can restrict or allow the following traffic:
• IP (any Internet Protocol)
• TCP (Transmission Control Protocol)
• UDP (User Datagram Protocol)
• ICMP (Internet Control Message Protocol)
• ESP (Encapsulating Security Payload) protocol
• GRE (Generic Routing Encapsulation) protocol
• AH (Authentication Header) protocol
New and existing ACL entries can be added or replaced in a particular ACL without rewriting the entire ACL, by using the insert or replace option together with an entry number. If neither the insert nor the replace option is specified, the new entry is appended to the end of the list. This matters because ACL criteria are evaluated in the order displayed by the show access-list command: the first matching entry decides the result.
Apply the restrictions defined by an ACL with the ip access-group command.
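As an added illustration, not code from the manual or the XSR itself, the following Python model shows why entry order and the insert/replace/append behaviour matter: entries are evaluated first-match in the numbered order that show access-list would display, and a packet that matches no entry is denied (the implicit deny is an assumption about the XSR, not a statement on this page). The addresses, wildcard bits and sample entries are constructed for the example.

```python
from __future__ import annotations
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network

def net(addr: str, wildcard: str = "0.0.0.0") -> IPv4Network:
    # address plus wildcard bits -> network ('any' = all, default = host /32)
    if addr == "any":
        return IPv4Network("0.0.0.0/0")
    w = int(IPv4Address(wildcard))
    if w & (w + 1):                       # wildcard bits must be contiguous
        raise ValueError(f"non-contiguous wildcard {wildcard}")
    return IPv4Network((addr, 32 - w.bit_length()), strict=False)

@dataclass
class Entry:
    action: str                # "permit" or "deny"
    protocol: str              # "ip" matches any IP protocol
    src: IPv4Network
    dst: IPv4Network
    def matches(self, proto: str, src: str, dst: str) -> bool:
        return (self.protocol in ("ip", proto)
                and IPv4Address(src) in self.src and IPv4Address(dst) in self.dst)

class AccessList:
    def __init__(self, number: int):
        if not 100 <= number <= 199:
            raise ValueError("extended ACL numbers range from 100 to 199")
        self.entries: list[Entry] = []

    def add(self, e: Entry, insert: int | None = None, replace: int | None = None):
        # entry# is the 1-based position shown by 'show access-list'
        if insert is not None:
            self.entries.insert(insert - 1, e)
        elif replace is not None:
            if not 1 <= replace <= len(self.entries):
                raise ValueError(f"entry {replace} does not exist")
            self.entries[replace - 1] = e
        else:
            self.entries.append(e)            # neither option given: append
    def evaluate(self, proto: str, src: str, dst: str) -> tuple[str, int | None]:
        # first match in displayed order wins; no match -> deny (assumption)
        for n, e in enumerate(self.entries, 1):
            if e.matches(proto, src, dst):
                return e.action, n
        return "deny", None

def demo() -> tuple:
    acl = AccessList(101)
    acl.add(Entry("permit", "tcp", net("any"), net("10.1.1.10")))
    acl.add(Entry("deny", "ip", net("10.1.1.0", "0.0.0.255"), net("any")))
    before = acl.evaluate("tcp", "10.1.1.5", "10.1.1.10")      # ("permit", 1)
    acl.add(Entry("deny", "ip", net("10.1.1.0", "0.0.0.255"), net("any")), insert=1)
    return before, acl.evaluate("tcp", "10.1.1.5", "10.1.1.10")  # ..., ("deny", 1)
```

Inserting the subnet-wide deny at entry 1 silently shadows the host permit that was entry 1 before, which is exactly the mistake that reviewing show access-list after every insert is meant to catch.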
Syntax
access-list list# {insert | replace} entry# {deny | permit} {protocol} | {log}
    {srcIpAddr [srcWildCardBits] | [qualifier] | source-port | host srcIpAddr | any}
    range min-sport | max-sport
    {dstIpAddr [dstWildCardBits] | [qualifier] | destn-port | host dstIpAddr | any}
    [established]
    range min-dprt | max-dprt
    type [code]
list#        Extended ACL number, ranging from 100 to 199.
insert       New access entry is inserted before existing entry # in the existing ACL. The show access-list command from within Global mode sequentially numbers entries for this purpose.
replace      New access entry replaces entry # in the existing ACL (the entry # must already exist).
entry#       Entry’s list number within the ACL. No number is required for the first entry.
deny         Access is denied if the specified conditions are met.
permit       Access is permitted if the specified conditions are met.
protocol     Specifies the IP protocol: IP, TCP, UDP, ICMP, ESP, GRE, or AH. IP represents any protocol.
log          Enables alarm logging and reporting of source IP addresses for configured ACL entries.
srcIpAddr    The source expressed by IP address.