CLI Guide
Related
Commands
• ip access-list extended — create an extended access list.
• show config — display the current configuration.
permit
To permit packets from a specific source IP address to leave the switch, configure a filter.
Syntax
permit {source [mask]| any | host ip-address} [no-drop]
To remove this filter, you have two choices:
• Use the no seq sequence-number command if you know the filter’s
sequence number.
• Use the no permit {source [mask] | any | host ip-address}
command.
Parameters
source Enter the IP address in dotted decimal format of the
network from which the packet was sent.
mask (OPTIONAL) Enter a network mask in /prefix format (/x) or
A.B.C.D. The mask, when specified in A.B.C.D format, may
be either contiguous or non-contiguous.
any Enter the keyword any to specify that all routes are subject
to the filter. You can enter any of the following keywords to
specify route types.
• bytes — Enter the keyword bytes to count bytes
processed by the filter.
• count — Enter the keyword count to count packets the
filter processes.
• dscp — Enter the keyword dcsp to match to the IP
DCSCP values.
• fragments — Enter the keyword fragments to match
to non-initial fragments of a datagram.
• order — Enter the keyword order to specify the QoS
priority for the ACL entry. The range is from 0 to 254
(where 0 is the highest priority and 254 is the lowest;
lower-order numbers have a higher priority). If you do
not use the keyword order, the ACLs have the lowest
order by default (255).
host ip-address Enter the keyword host then the IP address to specify a
host IP address or hostname.
no-drop Enter the keywords no-drop to match only the forwarded
packets.
Defaults Not configured.
Command Modes CONFIGURATION-STANDARD-ACCESS-LIST
202
Access Control Lists (ACL)