Users Guide
Version Description
9.2(1.0) Introduced on the Z9500.
9.0.2.0 Introduced on the S6000.
8.3.19.0 Introduced on the S4820T.
8.3.11.1 Introduced on the Z9000.
8.5.1.0 Added support for the 4-port 40G line cards.
8.3.7.0 Introduced on the S4810.
7.6.1.0 Introduced on the S-Series.
7.5.1.0 Introduced on the C-Series.
6.2.1.1 Introduced.
Usage Information
NOTE: The vrf option is available only when VRF feature is enabled.
show ip
accounting
access-lists
Field
Description
“Extended IP...” Displays the name of the IP ACL.
“seq 5...” Displays the lter. If the keywords count or byte were congured in the lter, the
number of packets or bytes the lter processes is displayed at the end of the line.
“order 4” Displays the QoS order of priority for the ACL entry.
Example
Standard IP ACL Commands
When you create an ACL without any rule and then apply it to an interface, the ACL behavior reects an implicit permit.
The platform supports both Ingress and Egress IP ACLs.
NOTE
: Also refer to the Commands Common to all ACL Types and Common IP ACL Commands sections.
deny
To drop packets with a certain IP address, congure a lter.
Syntax
deny {source | any | host {ip-address}} [no-drop]
To remove this lter, you have two choices:
• Use the no seq sequence-number command if you know the lter’s sequence number.
• Use the no deny {source [mask] | any | host ip-address} command.
Parameters
source Enter the IP address in dotted decimal format of the network from which the packet was
sent.
178 Access Control Lists (ACL)