Reference Guide
Access Control Lists (ACL) | 117
Standard IP ACL Commands
When an ACL is created without any rule and then applied to an interface, ACL behavior reflects an
implicit permit.
s platforms (except the S4810) support Ingress IP ACLs only.
The and Z9000 support both Ingress and Egress IP ACLs.
The commands needed to configure a Standard IP ACL are:
• deny
• ip access-list standard
• permit
• resequence access-list
• resequence prefix-list ipv4
• seq
deny
s z
Configure a filter to drop packets with a certain IP address.
Syntax
deny {source [mask] | any | host ip-address} [count [byte]] [dscp value] [order] [fragments]
To remove this filter, you have two choices:
• Use the no seq sequence-number command syntax if you know the filter’s sequence number or
• Use the no deny {source [mask] | any | host ip-address} command.
Table 6-1. show ip accounting access-lists Command Example Field
Field        Description
“seq 5...”   Displays the filter. If the keywords count or byte were configured in the filter, the number of packets or bytes processed by the filter is displayed at the end of the line.
“order 4”    Displays the QoS order of priority for the ACL entry.
Note: See also Commands Common to all ACL Types and Common IP ACL Commands.
S6000
Parameters
source
Enter the IP address in dotted decimal format of the network from which the packet was sent.
mask
(OPTIONAL) Enter a network mask in /prefix format (/x) or A.B.C.D. The mask, when specified in A.B.C.D format, may be either contiguous or non-contiguous (discontiguous).
any
Enter the keyword any to specify that all routes are subject to the filter.
host ip-address
Enter the keyword host followed by the IP address to specify a host IP address only.
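The following is an added example, not code from this guide or from the switch software: a small Python model for reviewing which source addresses a standard ACL entry covers, including entries with a non-contiguous A.B.C.D mask. It assumes that set mask bits are the bits compared (network-mask semantics), that an omitted mask means an exact match, and that rules are evaluated in the order listed; the function names and sample rules are constructed for illustration.

```python
import ipaddress

FULL = 0xFFFFFFFF

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def parse_source(tokens):
    """Parse {source [mask] | any | host ip-address} into (address, mask) ints."""
    if tokens[0] == "any":
        return 0, 0                          # no bits compared: matches everything
    if tokens[0] == "host":
        return to_int(tokens[1]), FULL       # every bit compared: one address
    source, _, plen = tokens[0].partition("/")   # accepts "10.1.0.0/16" as one token
    mask = "/" + plen if plen else "/32"     # assumption: no mask means exact match
    if not plen and len(tokens) > 1 and (tokens[1][0] == "/" or tokens[1].count(".") == 3):
        mask = tokens[1]                     # "/x" or A.B.C.D given as its own token
    if mask.startswith("/"):
        bits = int(mask[1:])
        if not 0 <= bits <= 32:
            raise ValueError(f"bad prefix length: {mask}")
        return to_int(source), (FULL << (32 - bits)) & FULL
    return to_int(source), to_int(mask)

def is_contiguous(mask):
    """True when the set bits of a network mask form one unbroken leading run."""
    inverted = ~mask & FULL
    return (inverted & (inverted + 1)) == 0

def evaluate(rules, packet_source):
    """Return the action of the first matching rule for a packet's source address."""
    if not rules:
        return "permit"                      # page: an ACL with no rules is an implicit permit
    src = to_int(packet_source)
    for line in rules:                       # assumption: rules are listed in sequence order
        action, *spec = line.split()
        addr, mask = parse_source(spec)
        if (src & mask) == (addr & mask):    # assumption: set mask bits are the compared bits
            return action
    return None                              # no rule matched; the page does not cover this case

# Constructed sample rules; the first uses a non-contiguous mask (third octet ignored).
SAMPLE_RULES = ["deny 10.1.0.7 255.255.0.255 count", "deny host 192.0.2.9", "permit any"]

if __name__ == "__main__":
    for address in ("10.1.200.7", "10.1.200.8", "192.0.2.9"):
        print(address, evaluate(SAMPLE_RULES, address))
```

Running `is_contiguous` over the masks in an exported configuration is a quick way to find discontiguous entries, which are easy to misread during a rule review.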










