Users Manual of XGS-6350-24X4C
The standard access list and the extensible access list cannot have the same name.
Run the following command in global configuration mode to create a standard access list:
Run…                                          To…
ip access-list standard name                  Use a name to define a standard access list.
deny {source [source-mask] | any} [log]       Designate one or multiple permit/deny conditions
  or                                          in standard access list configuration mode. The
permit {source [source-mask] | any} [log]     previous setting decides whether the packet is
                                              approved or disapproved.
Exit                                          Log out from the access list configuration mode.
Run the following command in global configuration mode to create an extensible access list.
Run…                                          To…
ip access-list extended name                  Use a name to define an extensible IP access list.
{deny | permit} protocol source source-mask   Designate one or multiple permit/deny conditions
  destination destination-mask                in extensible access list configuration mode.
  [precedence precedence] [tos tos]           The previous setting decides whether the packet
  [established] [log]                         is approved or disapproved. precedence means the
{deny | permit} protocol any any              priority of the IP packet; TOS means Type of
                                              Service.
Exit                                          Log out from the access list configuration mode.
After an access list is first created, any entry that is added later is placed at the end of the list. That is to say, you cannot selectively insert a command line into the designated access list. However, you can run no permit and no deny to delete items from the access list.
When you create an access list, the end of the access list includes an implicit deny statement by default. If the mask is omitted from an IP host address entry in the access list, 255.255.255.255 is assumed to be the mask.
After the access list is created, it must be applied to the route or interface. For details, refer to section 4.2.3 “Applying the Access List to the Interface”.
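The following is an added example, not code from the manual or the switch vendor. It models the rules stated above for a standard access list (entries kept in the order they were added, an omitted mask treated as 255.255.255.255, an implicit deny at the end) and flags entries that can never match. It assumes first-match evaluation and that the mask is a netmask compared as (address AND mask); the function names and the sample addresses are constructed for illustration.

```python
import ipaddress

HOST_MASK = "255.255.255.255"  # mask the manual assumes when none is given

def parse_entry(line):
    """Parse 'permit|deny {source [source-mask] | any} [log]' into a tuple."""
    tokens = line.split()
    action, args = tokens[0], [t for t in tokens[1:] if t != "log"]
    if action not in ("permit", "deny") or not args:
        raise ValueError(f"bad entry: {line!r}")
    if args[0] == "any":
        return action, 0, 0  # mask 0 matches every address
    mask = int(ipaddress.IPv4Address(args[1] if len(args) > 1 else HOST_MASK))
    return action, int(ipaddress.IPv4Address(args[0])) & mask, mask

def evaluate(entries, src):
    """Return (action, index of matching entry); index None = implicit deny."""
    addr = int(ipaddress.IPv4Address(src))
    for i, line in enumerate(entries):
        action, net, mask = parse_entry(line)
        if addr & mask == net:  # assumption: first matching entry decides
            return action, i
    return "deny", None  # implicit deny at the end of every list

def shadowed(entries):
    """Indexes of entries fully covered by an earlier entry (never reached)."""
    parsed = [parse_entry(e) for e in entries]
    hits = []
    for i, (_, net, mask) in enumerate(parsed):
        for _, pnet, pmask in parsed[:i]:
            # earlier entry covers this one: its mask bits are a subset of
            # this entry's mask bits and the networks agree on those bits
            if pmask & mask == pmask and net & pmask == pnet:
                hits.append(i)
                break
    return hits

# Constructed sample: the deny was added later, so it sits after the permit.
ACL = [
    "permit 192.0.2.0 255.255.255.0",
    "deny 192.0.2.66 log",  # mask omitted -> 255.255.255.255 (single host)
]
# Same entries in the order needed for the deny to take effect.
FIXED = ["deny 192.0.2.66 log", "permit 192.0.2.0 255.255.255.0"]

if __name__ == "__main__":
    print(evaluate(ACL, "192.0.2.66"), shadowed(ACL))
    print(evaluate(FIXED, "192.0.2.66"), shadowed(FIXED))
```

Because later entries always land at the end, getting from ACL to FIXED on the device means deleting the earlier permit with no permit and entering it again after the deny.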