User manual

10-9

10.1.8 permit

Standard ACL Config Commands

Use this command to permit specific packets.

Syntax

permit(A.B.C.D/M|any|host)

permit any(log|rule-precedence)

permit any log(rule-precedence)<1-5000>

permit any rule-precedence<1-5000>

permit host A.B.C.D

Parameters

Usage Guidelines

Use this command to allow traffic based on the source IP address or network address. The last ACE in the

access list is an implict deny statement.

Whenever the interface receives the packet, its content is checked against all the ACE’s in the ACL. It is

allowed based on the ACL configuration.

Example

The example below permits all the traffic that comes to the interface.

RFS7000(config-std-nacl)#permit any rule-precedence 50

RFS7000(config-std-nacl)#

The example below permits traffic from the source network and provides a log message for the same.

RFS7000(config-std-nacl)#permit xxx.xxx.1.0/24 log rule-precedence 60

RFS7000(config-std-nacl)#

A.B.C.D/M Source IP address range to match.

any Any source IP address.

• log – Log matches against this entry.

• rule-precedence<1-500> –

Access-list entry precedence.

host Single host address.

• A.B.C.D – Exact source IP address to match.

NOTE The log option is functional only for router ACL’s. The log option causes an

informational logging message about the packet matching the entry sent to the

console.