Command Line Reference Guide
Related
Commands
deny – assigns a filter to deny IP traffic.
deny tcp – assigns a filter to deny TCP traffic.
ip access-list extended
Name (or select) an extended IP access list (IP ACL) based on IP addresses or protocols.
S5000
Syntax
ip access-list extended access-list-name
To delete an access list, use the no ip access-list extended access-list-
name command.
Parameters
access-list-name
Enter a string up to 140 characters long as the access list name.
Defaults All access lists contain an implicit “deny any”; that is, if no match occurs, the packet is
dropped.
Command Modes CONFIGURATION
Command History
Version 9.0(1.3) Introduced on the S5000.
Usage
Information
The number of entries allowed per ACL is hardware-dependent. For detailed specification on
entries allowed per ACL, refer to your switch documentation.
Example
FTOS(conf)#ip access-list extended TESTListEXTEND
FTOS(config-ext-nacl)#
Related
Commands
ip access-list standard – configures a standard IP access list.
show config – displays the current configuration.
permit
Configure a filter to pass IP packets meeting the filter criteria.
S5000
Syntax
permit {ip | ip-protocol-number} {source mask | any | host ip-
address} {destination mask | any | host ip-address} [count
[byte]] [dscp value] [order] [monitor] [fragments]
To remove this filter, you have two choices:
• Use the no seq sequence-number command if you know the filter’s sequence
number.
197