Specifications
Table Of Contents
- Title Page
- Notice
- Contents
- acl Commands
- acl-edit Commands
- aging Commands
- arp Commands
- cli Commands
- configure Command
- copy Command
- dvmrp Commands
- enable Command
- erase Command
- exit Command
- file Commands
- filters Commands
- http Commands
- igmp Commands
- interface Commands
- ip Commands
- ip-router Commands
- Command Summary
- ip-router authentication add key-chain
- ip-router authentication create key-chain
- ip-router global add
- ip-router global set
- ip-router global set trace-options
- ip-router global set trace-state
- ip-router global use provided_config
- ip-router kernel trace
- ip-router policy add filter
- ip-router policy add optional-attributes-list
- ip-router policy aggr-gen destination
- ip-router policy create aggregate-export-source
- ip-router policy create aggr-gen-dest
- ip-router policy create aggr-gen-source
- ip-router policy create aspath-export-source
- ip-router policy create bgp-export-destination
- ip-router policy create bgp-export-source
- ip-router policy create bgp-import-source
- ip-router policy create direct-export-source
- ip-router policy create filter
- ip-router policy create optional-attributes-list
- ip-router policy create ospf-export-destination
- ip-router policy create ospf-export-source
- ip-router policy create ospf-import-source
- ip-router policy create rip-export-destination
- ip-router policy create rip-export-source
- ip-router policy create rip-import-source
- ip-router policy create static-export-source
- ip-router policy create tag-export-source
- ip-router policy export destination
- ip-router policy import source
- ip-router policy redistribute
- ip-router show configuration file
- ip-router show state
- ipx Commands
- l2-tables Commands
- logout Command
- multicast Commands
- mtrace Command
- negate Command
- no Command
- ospf Commands
- Command Summary
- ospf add interface
- ospf add nbma-neighbor
- ospf add network
- ospf add stub-host
- ospf add virtual-link
- ospf create area
- ospf create-monitor
- ospf monitor
- ospf set area
- ospf set ase-defaults
- ospf set export-interval
- ospf set export-limit
- ospf set interface
- ospf set monitor-auth-method
- ospf set trace-options
- ospf set virtual-link
- ospf show
- ospf start|stop
- ping Command
- port Commands
- qos Commands
- reboot Command
- rip Commands
- save Command
- show Command
- snmp Commands
- statistics Commands
- stp Commands
- system Commands
- Command Summary
- system image add
- system image choose
- system image delete
- system image list
- system promimage upgrade
- system set bootprom
- system set contact
- system set date
- system set dns
- system set location
- system set name
- system set password
- system set poweron-selftest
- system set syslog
- system set terminal
- system show
- traceroute Command
- vlan Commands
Chapter 2: acl-edit Commands
SSR Command Line Interface Reference Manual 2 - 3
acl permit|deny
Purpose
Create an ACL rule to permit or deny traffic.
Format
acl
<name>
permit|deny
...
Mode
ACL Editor
Description
The
acl
permit|deny
commands are equivalent to the same commands in the
Configuration mode. You can use these commands to create rules for the ACL that
you are editing. Just like the acl commands in Configuration mode, new rules are
appended to the end of the rules. You can use the move command to re-order the
rules.
Restrictions
You can only add rules for the ACL you specified in the acl-edit command. You cannot
add rules for other ACLs. For example, if you start with acl-edit 110, you cannot add
rules for ACL 121.
Examples
ssr(config)# acl-edit 111
1*: acl 111 permit tcp 10.1.15.0/24 10.1.11.0/24 2000-2002 any
2*: acl 111 permit tcp 10.1.15.0/24 10.1.11.0/24 2003-2005 any
ssr(acl-edit)> acl 111 deny udp
1*: acl 111 permit tcp 10.1.15.0/24 10.1.11.0/24 2000-2002 any
2*: acl 111 permit tcp 10.1.15.0/24 10.1.11.0/24 2003-2005 any
3*: acl 111 deny udp
ssr(acl-edit)>
The above example adds a new rule (deny all UDP traffic) to the ACL 111.