Command Reference Guide
SROS Command Line Interface Reference Guide Global Configuration Mode Command Set
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 258
ACL entries are evaluated in order from the top of the list down. Generally the most specific entries should be at
the top and the most general at the bottom.
The following commands are contained in the standard access list:
remark
Use the remark command to associate a descriptive tag (up to 80 alphanumeric characters enclosed in
quotation marks) with the access list. Enter a functional description for the list such as “This list blocks all
outbound web traffic”.
log
Use the log keyword to log a message (if debug access-list is enabled for this access list) when the access
list finds a packet match.
permit or deny any
Use the any keyword to match any IP address received by the access list. For example, the following
allows all packets through the configured access list:
(config)#ip access-list standard MatchAll
(config-std-nacl)#permit any
permit or deny host <ip address>
Use the host <A.B.C.D> keyword to specify a single host address. For example, the following allows all
traffic from the host with an IP address of 196.173.22.253.
(config)#ip access-list standard MatchHost
(config-std-nacl)#permit host 196.173.22.253
permit or deny <ip address> <wildcard>
Use the <A.B.C.D> <wildcard> format to match all IP addresses in a “range”. Wildcard masks use the
reverse logic of subnet masks: a one bit in the wildcard mask means “don’t care” for that bit position. For
example, the following denies all traffic from the 192.168.0.0/24 network:
(config)#ip access-list standard MatchNetwork
(config-std-nacl)#deny 192.168.0.0 0.0.0.255
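Added example (not from the guide, and not SROS code): a Python model of the top-down, first-match evaluation and the wildcard matching described above, run against two orderings of the same entries. The function names and the sample lists are assumptions made for illustration; the model returns None when no entry matches rather than assuming a default action.

```python
import ipaddress

def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def parse_entry(line):
    """Parse 'permit|deny any', '... host A.B.C.D' or '... A.B.C.D W.X.Y.Z'."""
    tokens = line.split()
    action, rest = tokens[0], tokens[1:]
    if action not in ("permit", "deny"):
        raise ValueError(f"unknown action: {action}")
    if rest == ["any"]:
        return action, 0, 0xFFFFFFFF            # every bit is "don't care"
    if len(rest) == 2 and rest[0] == "host":
        return action, _to_int(rest[1]), 0      # every bit must match
    if len(rest) == 2:
        return action, _to_int(rest[0]), _to_int(rest[1])
    raise ValueError(f"unsupported entry: {line}")

def matches(entry, source_ip):
    _, base, wildcard = entry
    care = ~wildcard & 0xFFFFFFFF               # 0 bits in the wildcard are compared
    return (_to_int(source_ip) & care) == (base & care)

def evaluate(acl_lines, source_ip):
    """Return (action, 1-based index) of the first matching entry, or None."""
    for index, line in enumerate(acl_lines, start=1):
        entry = parse_entry(line)
        if matches(entry, source_ip):
            return entry[0], index
    return None  # no entry matched; the default action is not modelled here

# Constructed sample lists (not from the guide).
SPECIFIC_FIRST = ["permit host 192.168.0.10", "deny 192.168.0.0 0.0.0.255", "permit any"]
GENERAL_FIRST = ["deny 192.168.0.0 0.0.0.255", "permit host 192.168.0.10", "permit any"]

if __name__ == "__main__":
    for name, acl in (("specific first", SPECIFIC_FIRST), ("general first", GENERAL_FIRST)):
        for ip in ("192.168.0.10", "192.168.0.77", "192.168.1.5"):
            print(name, ip, evaluate(acl, ip))
```

With the general deny placed first, the host entry for 192.168.0.10 is never reached, which is why the most specific entries belong at the top of the list.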